The Application Security team in MetLife’s IT Risk & Security organization plays a critical role in ensuring the security of MetLife’s applications and protecting customer and MetLife data. The team works closely with global application development teams and leading application security vendors who provide SAST/DAST/SCA/WAF/RASP and ethical hacking services.
Application security is a top area of focus at MetLife and we are working to embed a ‘secure by design’ culture and associated practices in all development teams. We have adapted key practices recommended by industry standard software security maturity models to further enhance MetLife’s Application Security strategy. This is an exciting time to join the Application Security team as we are continuing to expand the team and invest in new capabilities.
The Director of Application Security Strategy & Governance will play an important role in implementing the strategic roadmap and in driving initiatives to improve governance and operational practices. This leader will also drive strategic engagement with application development teams and divisional CIOs, and will be responsible for security assurance and compliance activities related to application security.
Lead a team tasked with refining, managing and executing MetLife’s global strategic application security roadmap that is based on industry standard software security frameworks. Plan, implement and track key initiatives focused on strategy, metrics, compliance, policy, developer awareness, training and global stakeholder engagement.
Lead the strategic improvement of how metrics are assembled and reported on the state of application security at MetLife. Create data-driven, actionable insights for application development teams to reduce risk. Use a risk-based approach to identify and track high-risk applications with security vulnerabilities and track remediation activities.
Share a comprehensive view of the current state of application security metrics across the full application portfolio at MetLife with stakeholders across CIO organizations. Chair monthly global application security governance forums with CIO delegates on program updates, security metrics and emerging security topics.
Manage and maintain MetLife’s application security policies, standards and procedures to comply with customer and regulatory mandates (e.g. NYDFS, PCI, HIPAA). Liaise with Vendor Management and Procurement teams to manage and track vendor compliance and to obtain attestation of software security. Track policy exceptions and remediation dates through active engagement with development teams and operations teams.
Partner with Audit teams to periodically audit controls and secure coding practices being followed by development teams. Provide high-impact presentations to CIOs and senior leaders to ensure executive awareness of the AppSec program and associated metrics. Publish, maintain and curate security content (industry research articles, security directives, emerging threats, best practices, developer Q&A, etc.) along with a holistic security awareness and training strategy.
Essential Business Experience and Technical Skills:
Experience in developing or managing application security and vulnerability management programs
Knowledge of and experience with industry-standard frameworks like BSIMM and SAMM, and strong working knowledge of the OWASP Top 10 and SANS/CWE Top 25
Experience in a governance function and in engaging with senior stakeholders, reporting metrics, and using dashboarding and visualization tools like Power BI
Working experience with a variety of application security testing methods and disciplines: white-box/black-box testing, application ethical hacking (AEH) and penetration testing
Strong knowledge of the SDLC and working experience with large-scale development projects, IDEs and defect tracking systems in an Agile Scrum environment
Preference given to candidates with one or more of the following industry-recognized certifications: CISSP, CSSLP, CEH, GWEB or GWAPT
Experience creating an effective employee development & retention program
Experience leading geographically dispersed, multinational staff & projects
Excellent communication and facilitation skills
Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
Internal Number: 111699
At MetLife, we put customers at the absolute center of everything we do. In fact, we believe technology will transform the customer experience and are investing nearly $300 million in new technologies that will help us innovate and develop new products and services to better serve our customers. We're actively seeking world-class talent for the GTO division, building a diverse, global and highly skilled workforce that is passionate about the same things we are — pushing ourselves to learn and grow, to be efficient, to share experiences and knowledge and to collaborate as a global team.