Head of Vulnerability & Business Information Risk Management

Massachusetts Mutual Life Insurance Company

Location: New York, NY, USA

Date: 2024-09-28T06:43:47Z

Job Description:
Overview: We are seeking a highly skilled and strategic leader to join our organization as the Head of Vulnerability & Business Information Risk Management. In this role, you will be responsible for overseeing and enhancing our vulnerability management program and application security practices. You will lead a team of experts to identify, assess, prioritize, and mitigate vulnerabilities across our systems and applications, ensuring the integrity and security of our technology infrastructure.

Key Responsibilities:
  • Leadership and Strategy:
    • Develop and execute a comprehensive vulnerability management strategy aligned with organizational goals and industry best practices.
    • Provide strategic direction and vision for application security initiatives, integrating security into the software development lifecycle (SDLC).
  • BISO and Enterprise Advisory Services:
    • Work closely with business leaders, technology leaders, and privacy professionals to ensure the organization meets current standards, complies with regulatory requirements, and addresses the future direction of the business.
  • Team Management:
    • Lead and mentor a team of vulnerability management and application security professionals, fostering a culture of excellence, innovation, and collaboration.
    • Define roles, responsibilities, and career development paths within the team to promote growth and maximize performance.
  • Vulnerability Assessment and Remediation:
    • Oversee the identification, assessment, and prioritization of vulnerabilities across infrastructure, networks, and applications.
    • Implement effective remediation strategies and controls to mitigate identified vulnerabilities promptly.
  • Application Security Governance:
    • Establish and enforce application security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry standards (e.g., OWASP).
    • Conduct regular security assessments and audits of applications to identify security gaps and recommend solutions.
    • Work with developers and architects to ensure security is appropriately built into the development cycle.
    • Coordinate the performance of internal and external network and systems vulnerability assessments and penetration tests.
  • Collaboration and Communication:
    • Collaborate with cross-functional teams including IT operations, development, architecture, and risk management to integrate security into the overall IT strategy.
    • Communicate security risks and recommendations to senior leadership and stakeholders, advocating for necessary investments and resources.
  • Incident Response and Continuous Improvement:
    • Develop and maintain incident response plans and procedures related to vulnerabilities and application security incidents.
    • Drive continuous improvement initiatives to enhance the effectiveness and efficiency of vulnerability management and application security processes.
Required Skills and Qualifications:
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field; advanced degree preferred.
  • Proven experience (8+ years) in vulnerability management, application security, or related cybersecurity roles, with at least 5 years in a leadership capacity.
  • Deep technical expertise in vulnerability assessment tools, application security testing methodologies, and threat modeling.
  • Strong understanding of regulatory requirements, compliance frameworks (e.g., PCI-DSS, GDPR), and industry standards (e.g., NIST, ISO 27001).
  • Demonstrated ability to develop and execute strategic initiatives, manage budgets, and drive organizational change.
  • Excellent communication skills, with the ability to articulate complex technical concepts to non-technical stakeholders and influence decision-making at all levels.
Preferred Qualifications:
  • Industry certifications such as CISSP, CISM, CEH, or GIAC certifications (e.g., GPEN, GWAPT).
  • Experience with cloud security architecture and technologies (e.g., AWS, Azure, GCP).
  • Knowledge of DevSecOps principles and practices, including automation of security testing and monitoring.
Salary Range: $189,900.00-$249,200.00

At MassMutual, we focus on ensuring fair, equitable pay by providing competitive salaries, along with incentive and bonus opportunities for all employees. Your total compensation package includes either a bonus target or in a sales-focused role a Variable Incentive Compensation component. For more information about our extensive benefits offerings please check out our Total Rewards at a Glance.

Why Join Us

We've been around since 1851. During our history, we've learned a few things about making sure our customers are our top priority. In order to meet and exceed their expectations, we must have the best people providing the best thinking, products and services. To accomplish this, we celebrate an inclusive, vibrant and diverse culture that encourages growth, openness and opportunities for everyone. A career with MassMutual means you will be part of a strong, stable and ethical business with industry leading pay and benefits. And your voice will always be heard.

We help people secure their future and protect the ones they love. As a company owned by our policyowners, we are defined by mutuality and our vision to put customers first. It's more than our company structure - it's our way of life. We are a company of people protecting people. Our company exists because people are willing to share risk and resources, and rely on each other when it counts. At MassMutual, we Live Mutual.

MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.