Senior Product Security & Privacy Consultant
Chicago, IL

Job Description

What's the role?

Join our fast growing international team in this highly visible leadership role in which you will become part of the HERE Security, Privacy and Continuity (SPC) team.

You will be working with R&D teams in HERE to help them develop web applications and location-based services complying with HERE security, privacy and continuity policies and applicable regulations and legislation, while working in an agile environment on a continuous delivery mode. The Senior Application Security Manager will oversee and direct the secure development and operations of key HERE consumer and partner services.

This is a hands-on position with exposure to numerous security activities within a global unit requiring experience in building secure web services and applications from ground up, ensuring they are ready for launch in a secure state, and maintained and operated in such a way that we can mitigate risks, avoid security incidents and fulfill the requirements.

You are required to constantly monitor and be aware of the latest key developments in the area of web applications, web services security and mobile internet security, relevant regulations and 3rd party requirements. You will have to evaluate their impact on services both in production and under development.

You must be able to work in international and multi-cultural virtual teams, identify the needed/missing capabilities and contribute in application security training, awareness and competence development by creating and maintaining a security community in HERE services R&D.

Responsibilities:

* Develop relevant policies, standards, procedures and guidelines thus contributing to HERE governance, risk and compliance area on Security, Privacy and Continuity related topics.
* Contribute to developing, maintaining and improving a SDLC.
* Oversee all security activities within given services development and operation projects.
* Participate in the development of internal security training and awareness
* Ensure that R&D services and application teams have the necessary competencies and appropriate tools to fulfill security, privacy and continuity requirements
* Ensure internal go-live requirements are met
* Perform and facilitate business impact assessments, risk and threat analysis
* Manage security testing activities
* Manage and ensure the successful resolution of identified vulnerabilities
* As necessary, review and contribute to 3rd party contracts and manage contractors' requirement fulfillment
* Review and/or conduct internal and external security assessment reports

Who are you?

* BSc or higher degree in Computing Science, or equivalent experience
* Relevant work experience in web services and application security management and/or development 5+ years
* Strong knowledge of information security principles, best practices, architectures, tools and processes
* Experience in defining and writing policies, standards, procedures and guidelines
* Knowledge of relevant information security standards e.g. ISO 27001
* Knowledge of software and network architecture and standards
* Ability to understand business drivers and priorities, and integrate these requirements into overall security design
* Knowledge of web technologies and standards such as HTML, JavaScript, SQL, JSON, XML, XHTML, SSL/TLS, REST, SAML, OAuth
* Experience in secure application development and typical design patterns especially when applied in agile environments targeting for rapid production updates
* Ability to communicate security objectives orally and in writing to a variety of audiences. Must be able to explain to both a technical and non-technical audience why we don't want to see vulnerabilities like XSS, CSRF, SQLi etc.
* Self-motivation with the ability to work independently in a global team and as a team member with minimal direction

Expertise/skills preferred

* Experience in defining, developing, maintaining and supporting a SDLC in agile / continuous delivery mode organization is a strong plus.
* Professional security certifications like CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor / Lead Implementer or similar are a plus
* Experience with ISO 27001 standard implementation is a plus
* Some background in Java, C/C++, Python, Ruby, or other modern programming languages is a plus
* Experience in secure code reviews is a plus

HERE is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, age, gender identity, sexual orientation, marital status, parental status, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.

#LI-VP1

Who are we?

Ever checked in somewhere on social media? Ever tracked your online orders?" You might be using HERE Technologies every single day without even realizing it. You can find us everywhere: in vehicles, smartphones, drones or third-party apps. We believe that with the right people, we will continue to be a game-changer in the technology industry and improve the daily lives of people around the world. Find out more by clicking the video below or going HERE.