About the Position:
The Sr. Director of Product Security is an accomplished security professional with hands-on experience leading teams focused on securing B2B and B2C SaaS platforms.
The scope of responsibility encompasses all aspects of securing Ceridian’s Products, including but not limited to threat modeling, security architecture, design reviews, application security, and process design to secure CI/CD pipelines.
You'll be a part of a fast-moving and dynamic team that is tightly integrated and focused on execution and delivery of customer-focused software products.
You will lead Product Security and report to the CISO & VP of Product for Ceridian. You will work in close partnership with the Product Hosting Team, Architecture, Product Management, Cybersecurity teams, and several Development / Product Engineering teams.
As the thought leader for Product & Application Security, you will lead a team of architects, engineers, and security experts and have deep experience in deploying software-defined Cybersecurity services including data protection, access control, container security, and secure agile code development at scale.
Your team will partner with other leaders to architect and deliver: Cloud Security, Cloud Data Encryption and Tokenization, Key Management, Web Application / Service Security, API Security, Database Security, Threat Modeling, Network Security, IAM, and a Secure SDLC.
The leader will partner on the evolution of secure development methodologies and mechanisms for all of Ceridian’s products and services.
This leader will also drive effective integration, adoption of standard methodologies, and the latest methods & techniques in identifying design flaws and software issues.
This role requires timely and effective communications to key stakeholders, including executive-level leadership. Work is done in close partnership with other leaders from several technical and product teams.
In addition to the effective management of product security, this leader may also lead strategic or special projects related to cybersecurity improvement opportunities.
Responsibilities: Product Security:
Lead Ceridian’s Product Security team
Leverage Design Thinking and take a security-first mindset to bake security into the product
Perform Design Reviews to ensure security is a core requirement of all Ceridian products
Partner with Engineering teams on the implementation of security while minimizing cost, time, and customer friction.
Understand attack techniques and perform threat modeling to design controls to guard against common attacks
Lead the implementation of security controls to protect Ceridian’s SaaS platform
Design and implement secure coding practices into Ceridian’s SDLC
Audit and enforce that secure SDLC processes are consistently followed by development teams
Partner with the product management team to document product security and compliance across the products
Partner with product marketing to position security as a competitive advantage
Create and maintain process documentation, including standard operating procedures as better practices and new processes are identified
Act independently to identify and resolve risks to Ceridian’s global enterprise and attack surface.
Directly & indirectly manage a team of security experts
Manage 3rd parties hired to provide testing services
Assist customer-facing teams in answering product security questions submitted by customers
Follow applicable documentation, confidentiality and legal standards in all written and verbal communication
Demonstrate excellent judgement when addressing new challenges where process may not already exist
Assist with various audits of internal compliance with cybersecurity policies and standards
Partner with senior leaders across the business to help protect and grow the business
Implement security best practices in accordance with ISO 27000 Information Security Management System and other national / international security standards
Lead strategic or special projects required for Ceridian to meet its cybersecurity objectives including the evaluation and implementation of new cybersecurity technology
Communicate effectively with business and technical audiences and produce suitable communications for multiple audience types, both client-facing and internal
Qualifications: Education / Experience
Bachelor’s degree in Computer Science plus 10+ years related experience, or
Master’s degree plus 8+ years related experience preferred, or
Equivalent combination of education and related experience
Required Skills and Knowledge
Experience managing people in a cybersecurity or information technology organization
Experience working with product development / engineering and product management teams
Experience in cloud security and service infrastructure
Experience working for a SaaS technology company
Experience in driving effective implementation & adoption of Security Development Lifecycle (SDL) and software maturity model
Proven knowledge and experience with threat models, web security and secure development practices
Proven track record of delivering cybersecurity or information technology projects effectively
Prior experience in distributed system design and microservice architectures
Experience in developing and deploying cloud services using cloud architectures
Proven knowledge of secrets management, cryptography, and authentication and authorization protocols used in software development
Experience with CI/CD and software deployment automation tools
Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, and penetration testing
Good working knowledge of cybersecurity best practices
Strong knowledge of relevant cybersecurity related hardware, software and vendor solutions
Ability to understand and work with complex, large enterprise business environments
Demonstrated capacity to lead under pressure, make decisions in ambiguous situations, and drive cross-functional collaboration in a short period of time
Ability to work well interpersonally across different teams and disciplines at various levels up through executives, as well as influence and manage without direct authority.
Ability to prioritize and effectively manage competing priorities and projects