Associate Application Security Director

Nottingham, England, United Kingdom
16 Mar 2018
13 Jul 2018
We are seeking an experienced, senior information security professional to set up and establish a recently created function, acting as the Associate Application Security Director within our PAREXEL Informatics division.

Oversee all development activities within the software development lifecycle with respect to application information security. Working closely with our development and engineering teams, you will have authority and responsibility across PAREXEL engineering groups for all aspects of software and data security, including policy formation and application.

Setting software and data security strategy, and developing long-term relationships with customers, partners and industry leaders to formulate and implement this strategy. This aspect of the role will involve communicating the potential impact of emerging technologies on software and data security and assessing the risk of using or not using such technologies.

Key Accountabilities:

Information Security:
- Develops and communicates corporate information security policy, standards and guidelines.
- Contributes to the development of organisational strategies that address information control requirements.
- Identifies and monitors environmental and market trends and pro-actively assesses impact on business strategies, benefits and risks.

Security Administration:
- Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security.
- Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented.

Information Assurance:
- Interprets information assurance and security policies and applies these in order to manage risks.
- Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.

Penetration Testing:
- Coordinates and manages planning of penetration tests, within a defined area of business activity.
- Delivers objective insights into the existence of vulnerabilities, the effectiveness of defenses and mitigating controls - both those already in place and those planned for future implementation.
- Takes responsibility for integrity of testing activities and coordinates the execution of these activities.

Qualifications:

Skills:
- Ability to engage and exert a professional influence using expertise and knowledge of the information security market or industry at senior leadership level
- Excellent interpersonal, verbal and written communication skills
- A flexible attitude with respect to work assignments and new learning
- Shows initiative and self-confidence, is adaptable and is able to cope with changing and evolving priorities.
- Must have the ability to work methodically in a fast-paced, time-sensitive environment
- Manages provision of consultancy services.

- Degree in Life Sciences, Engineering, or Computer Science field, or equivalent experience in the IT / Information Security field.

Knowledge and Experience:
- A strong, rounded background in IT or Information Security, preferably with previous software development or engineering experience, is essential.
- Demonstrable experience working and operating at a senior level with internal stakeholders is key.
- Good understanding of software and data security within the IT industry and the implications of emerging technologies for the wider business environment is required.
- Previous experience of designing and implementing an information security strategy
- Knowledge of methods like threat modelling applied to software development is desirable
- Understanding of applied and managed security risks for software development is essential
- Ability to define and document processes (e.g. Standard Operating Procedures) is essential.
- Understanding of Agile methodologies (preferably Scrum) is desirable
- Applied frameworks and good practices like TOGAF, OWASP, ISO 24772 are desirable.