Application Security Manager
At M&G our vision is: to become the best loved and most successful savings and investment business
and we're looking for people who are excited about joining us on our journey. We're digitally transforming and investing heavily in technology and innovation to develop new and improved customer propositions that really raise the bar for our customers. To help us achieve our vision we're looking for exceptional people who live our values and behaviours and who can inspire others; embrace change; deliver results and keep it simple.
We know that an inclusive environment makes us more accessible and ensures we attract, engage, promote and retain exceptional people. We welcome applications from all individuals regardless of age, gender/gender identity, sexual orientation, ethnicity/nationality, disability, or military service and welcome those who have taken career breaks. We will consider flexible working arrangements or home working arrangements for any of our roles. What you can expect from us:
We are committed to creating an environment where you can be exceptional at all you do. To help us deliver this, we promise to:
How do we support our employees:
- Challenge Your Limits by creating a stimulating working environment and providing opportunities for you to be involved in meaningful and challenging work
- Support Your Aspirations with a commitment to learning and development that helps you achieve and build your experience with people who want you to succeed
- Value Your Input whereby leaders and managers will involve you in key decisions, listen to your thoughts and recognise the important contribution you make
- Balance Your Life through a work life partnership that focuses on making this an inclusive, diverse and friendly place to work and offers the flexibility and support that enables everyone to be at their best
All M&G plc employees will be supported in the workplace through our M&G Employee Assistance Programme (EAP). If you need counselling, confidential financial or legal advice. The service is available 24 hours a day, 365 days a year and offers access to qualified professionals who can provide specialist information, advice and support on many issues. It offers a broad range of services, including help with family issues, maintaining work/life balance and mental health support. Job Title:
Application Security Manager Reports to:
Head of Security Engineering Overall Role Purpose:
Leads the application security team and provides subject matter expertise Key Responsibilities:
- Leadership of the application security team and services
- Operationalise an application security service including processes, tools and technologies
- Act as SME for application security matters and provide security advice and guidance to development teams
- Manage, maintain and enhance the configuration of application security toolsets including static code analysis, open source component analysis and container analysis.
- Support M&G in staying abreast of current and emerging security threats and technology solutions
- Help develop security awareness and knowledge within the Application Security domain
Act as the subject matter expert for Application Security in respect of:
- Support the development of policy, standards and architecture in relation to IT risks and security
- Prevailing M&G security policies, standards and architectures
- Best practice for application security and secure coding
- Security industry trends, technologies and vendors
- Application security toolsets
Job Requirements - Knowledge and Skills
- Threat modelling tools and techniques
- The ability to write code in any modern programming language.
- Knowledge of application security vulnerabilities covering the OWASP Top 10 and wider.
- Knowledge of best practice ways to remediate application security vulnerabilities.
- Experience using or running application security toolsets such as Static Code Analysis tools.
- Good stakeholder relationship management skills
Job Requirements - Attributes:
- Appropriate level of cyber security experience and accreditation (CISSP,SSCP,CISM etc.) is desired but not essential.
- Highly organised, excellent prioritisation and planning skills
- Strong verbal and written communication skills, with an ability to present to management
- Actively shares experience and ideas.
- Good stakeholder management skills. Able to effectively listen, communicate, challenge and influence team members, peer group, suppliers, and senior management.
- Strong analytical skills. Able to review and assess security and technology issues and interpret in terms of impact to M&G
We live by four behaviours at M&G and we ask all our employees to:
- Inspire Others - Support and encourage each other, creating an environment where everyone can contribute and succeed
- Embrace Change - Be open to change, willing to be challenged and able to adapt quickly and imaginatively to new ideas
- Deliver Results - Focus on outcomes, set high standards and deliver with energy and determination
- Keep it Simple - Cut through complexity and bureaucracy, be clear and decisive and never overcomplicate things