Director of Application Security, Runtime Protection (Global Security)
RBC
Job Description
What is the opportunity?
The Director of Application Security (AppSec) Runtime Protection will provide leadership and execution in the area of compliance with security standards and provide application security protections to all RBC business and application development teams. The successful candidate will assume ownership and accountability for the features and capabilities aligned to the AppSec Roadmap, ensuring that effective, pragmatic capabilities are seamlessly integrated and adopted across the enterprise.
What will you do?
Strategic Leadership: Develop, evolve and oversee the execution of the RBC AppSec Runtime Protection Roadmap, aligned with the bank's overall security and business objectives. Lead the planning, execution, communication and reporting of AppSec Runtime Protection initiatives across their financial, resource, scope and schedule aspects.
Collaboration and Communication: Foster an application security-aware culture that highlights the value propositions of application development and application security integration and partnership. Provide subject matter expert thought leadership and direction on application security policy, standard and governance models.
Risk Management and Compliance: Improve Application and API Security by identifying and partnering with stakeholders to remediate gaps in security coverage for external/internal applications. Act as the trusted advisor on application security matters for executives, application development teams, cyber security and risk management groups.
Team Leadership and Development: Direct a team of AppSec professionals to introduce effective and pragmatic application security technologies and processes that align with RBC’s application development methodologies. Identify and address skill gaps within the team, ensuring continuous professional development and upskilling.
Innovation and Technology: Stay abreast of industry-leading trends, best practices and technologies, and determine how they align with the strategy. Collaborate with stakeholders in the evaluation and implementation of security tools and technologies to protect applications and APIs effectively.
What do you need to succeed?
Must-have:
10+ years of experience in software engineering, infrastructure, or security, with significant time spent in DevSecOps or App Security Engineering roles
7+ years of experience in a leadership role building or managing DevSecOps/SecOps/SRE teams
Working knowledge of enterprise-level languages, e.g. Java, .NET, JavaScript, PHP, Node.js
Deep experience with security tools: SAST, DAST, SCA, container scanning
Strong working knowledge of application security technologies such as Checkmarx, Sonatype, JFrog, WebInspect, AppScan, BurpSuite, Blackduck, Snyk
Knowledge of application security frameworks, such as BSIMM, SAMM, ISO27034, BITS, SAFECode
Excellent organizational, communication, interpersonal and motivational skills in achieving business objectives
Nice to have:
Previous experience deploying security tools, or rolling out endpoint/security agents
Prior experience in banking or financial services/regulated industries
What's in it for you?
We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.
A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
Leaders who support your development through coaching and managing opportunities
Work in a dynamic, collaborative, progressive, and high-performing team
Ability to make a difference and lasting impact
Opportunities to do challenging work
Opportunities to take on progressively greater accountabilities
Job Skills
Adapt Quickly, Always Learn, Application Programming Interface (API) Security, Application Security, Application Security Architecture, Communication, Cross-Team Collaboration, Cyber Security Management, Decision Making, Drive to Impact, Dynamic Application Security Testing (DAST), Information Security Management, Information Technology Security, Infrastructure Penetration Testing, IT Security Architecture, IT Systems Integration, Open Web Application Security Project (OWASP), Security Information and Event Management (SIEM), Web Application Security Assessment
Additional Job Details
Application Deadline:
Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above
Inclusion and Equal Opportunity Employment
At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.