Pearson Director, Global Product Information Security Officer (PISO) in San Antonio, Texas
Director, Global Product Information Security Officer (PISO)
At Pearson, we have a once-in-a-generation opportunity to transform teaching & learning to prepare people for a changing economy. The educational ecosystem is changing at a ferocious pace. Our company is changing rapidly. We no longer have the luxury of waiting to see how the market will change; we need to operate differently. Learners today are preparing to enter a world of work in which the skills required for employment are rapidly changing. Lifelong learning & ongoing re-skilling will become a reality for most.
In addition, technology has changed our expectations of how we live, work, and communicate. Learners expect education to be engaging and inspiring. They expect digital learning to be as responsive, secure, fast and effective as the other apps in their pocket, such as Facebook and iTunes. They expect to have access to learning anytime, anyplace, on any device, and to get help when they need it: consumer grade, without being a target of cyber attacks.
The Director, Global Product Information Security Officer (PISO) is responsible for the overall security and assurance of all Pearson global digital platforms and products. Key success criteria for this role include: driving security into all of Pearson’s customer-facing digital platforms and products; ensuring risk remediations and backlogs are prioritized appropriately within global product teams; influencing the executive community on the state and efficacy of security controls for their products, maintaining two-way communications between Product Technology Teams (GPT) and CISO; securing ongoing security funding for special / complex projects; and evangelizing DevSecOps across all product teams.
As a direct report to the VP, Security Architecture and Engineering, you will have the following accountabilities:
Own the global product security blueprint and architecture for all Pearson’s customer facing products
Be the change leader for global product teams to embrace DevSecOps through automation and security integration to CI/CD processes
Ensure all Pearson’s cloud digital platforms and products meet key security and compliance requirements
Strong leadership skills, driven from both business and security perspectives, to ensure delivery of product security solutions that are aligned to Pearson’s business needs;
Evangelize secure cloud platform & product requirements
Serve as a security leader in application development, database and microservice design, container and/or virtual machine technologies, helping project teams comply with enterprise and CISO security policies, industry regulations, and best practices
Coordinate incident response, investigation, and resolution of security incidents across global products
Provide strategic and tactical security guidance for existing and new product and service deployments across global product teams
Effectively consume services from CISO matrix teams providing application security services
Communicate the importance and promote awareness of information security, information risk, and privacy to business units, customers and partners within the global product teams;
Work closely with fellow CISO teams to ensure consistent value-added security services for the global products and core platforms;
Work collaboratively with a diverse, global, and multicultural community;
Maintain confidentiality of work related information and materials;
Establish and maintain effective working relationships throughout the company;
Able to present information to large and small groups, and convey messages to both technical and non-technical audiences;
Contributes to the development and maintenance of the information security strategy, policies and standards;
Embrace a culture of continuous service improvement and service excellence; and
Stay up to date on security industry trends.
Key Success Criteria
Security state of global platforms and products measured through a formalized dashboarding process
Extent to which security Non-Functional Requirements (NFRs) are implemented and tested for new platforms and products
Successful adoption of DevSecOps by product teams
Extent to which a risk aware culture and secure coding practices are adopted by product teams
12 years in Information Security space; with a focus on digital platform and product security
Minimum of 10 years of relevant experience in secure SDLC (i.e., Agile, DevOps), threat modelling, risk management, vulnerability management, incident response and security monitoring.
In-depth knowledge of application security tool sets used for static and dynamic testing such as Checkmarx, AppSpider
Extensive experience in designing and implementing product and application security controls for both cloud and on-prem
BA/BS degree, or equivalent experience, security qualifications and accreditation appropriate to the region.
In-depth understanding of application security frameworks such as OWASP
Strong experience in cloud provider ecosystems, including Amazon AWS, Microsoft Azure, and OpenStack.
Experience with a broad range of security technologies, including nextgen firewalls, DLP, NAC, IDS/IPS, IdAM, certificate management, SIEM, endpoint protection, anti-malware, vulnerability management and cloud security;
Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;
Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders
Some proven ability in securing the CI/CD pipeline
Solid working experience of continuous integration practices & tools (Jenkins, Travis CI, etc…)
An established history of working in agile teams
An industry recognized professional with proven contribution to product security
Knowledge of scripting JSON, Python
Well-rounded background in network, host, database, and application security
Professional security accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CCIE Security).
Competences and Behaviours
Working within an international environment
Building networks with customers, other team members and other relevant teams is essential
Keeps all relevant people appropriately informed
Very good communications, presentation and negotiations skills
Able to express technical and non-technical concepts in clear verbal and written English
Very good written skills to document complex concepts in a comprehensive, yet readable manner
Encourages people to be open and share their views
Considers a range of options that meet the needs of all stakeholders
Ability to use own initiative to solve technical problems
Takes responsibility for targets
Drive efficacy into all solutions delivered, demonstrating clear and measurable results through the development of KPIs
Ambitious and competitive
Drive innovation and best practice
Strive for standardisation and simplification in all aspects of work
Always cost conscious balancing the needs of the business against the provision of the best solutions possible
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
Primary Location: US-CO-Centennial
Other Locations: US-CA-San Francisco, US-TX-San Antonio
Work Locations: US-CO-Centennial-2154 East Commons 2154 East Commons Avenue Centennial 80122
Organization: Technology & Operations
Employee Status: Regular Employee
Job Type: Standard
Shift: Day Job
Job Posting: Sep 14, 2017
Req ID: 1714973