USAA Lead Application Security Advisor in San Antonio, Texas
Purpose of Job
Job Description Summary
Develops strategies and Information Security plans. Provides thought leadership while managing multiple large scale initiatives. Collaborates with all levels of USAA management and internal partners to assess Information Security and align to support the organization goals with Enterprise goals. Leads Information Security risk by identifying, evaluating, assessing, designing, monitoring, administering, reporting and implementing systems, policies and processes. Advises various levels of senior management on Information Security risk management issues and serves as the primary resource for cross-functional team members on escalated issues of a unique nature. Works under minimal supervision on complex and unique work assignments and recommends appropriate solutions and problem resolution.
1. Leads technical thought leadership to guide the strategic direction to executive management focusing on Information Security risk of USAA development projects, departmental initiatives and other special projects. Identifies and leads requirements and recommends system security configurations; oversees security briefings and responds to inquiries.
2. Provides advanced advice and acts as an Information Security subject matter expert liaison between the company and staff agencies through formal and ad-hoc inquiries.
3. Provides governance and leads identifying, analyzing and initiating changes in the Information Security policies, guidelines and standards including advising company and staff agencies in support of developing and managing the Information Security awareness program.
4. Gives counsel to ensure that internally developed and commercially available business applications include adequate Information Security controls; consults process owners on the identification, development and testing of Information Security controls for risk mitigation effectiveness.
5. Performs physical site assessments of business partners and provides peer review of work product and deliverables. Counsels and performs release of information analysis to third party business partners and identifies alternative methods for securing and releasing information when applicable.
6. Leads the planning, design, development and execution of the Information Security risk and control identification, evaluation, documentation, analysis and reporting processes including analytic tools. Provides expert analysis and recommendations on Information Security risk assessment and mitigation to internal and external clients or other analysts; influences Information Security risk management strategies and approaches and educates risk owners on best practices. Regularly advises senior management on key Information Security risk management efforts.
7. Establishes strategic partnerships to anticipate, advise, and effectively communicate (written and verbal) Federal and State regulatory and business partner Information Security risk requirements.
8. Coaches and mentors peers and cross functional team members to achieve business results, development, and delivery.
9. Other duties as assigned.
MINIMUM
• Bachelor's degree in MIS, Computer Engineering, Cyber Security, IT or related disciplines OR 4 years of additional work experience in IT, Information Security, Cyber Security or equivalent in lieu of a degree.
• 8+ years work experience in Information Technology or related discipline
• 6+ years leading within a matrixed corporate environment
• Advanced knowledge of risk, control, budgets, process and loss costing
• Advanced knowledge of relevant industry data sources, standards, data analysis tools and techniques (e.g. Archer, MetricStream, BWise).
• 8+ years facilitating risk assessment sessions with all levels of management and executive management.
PREFERRED
• Experienced expert in application security.
• Hands-on background performing Application Software Development and Coding.
• Experienced with SAST/DAST tools, appsec threats, writing secure code, mitigating defects.
• Experiential familiarity with common IT Web and Mobile platforms architecture and coding.
• Successful experience leading/developing an Application Security Program.
• Passionate and accountable mentor, advocate, and visionary in overseeing/educating others to elevate enterprise application security practices in order to reduce and manage security risk.
• Cyber Security Professional designation in CISSP, CISA, CRISC.
Lead Application Security Advisor TX-San Antonio R0001067