Job Title: Application Security, Sr. Manager
Job Responsibilities:
The Senior Manager, Application Security, SaaS, and Database Security is tasked with the development and leadership of a comprehensive global security program. This program is primarily focused on three critical areas: Application Security, SaaS, and Database Security. The responsibilities associated with this role include:
- Developing and maintaining a strategic roadmap for application, SaaS, and database security that aligns with business objectives and risk management priorities.
- Leading the implementation and operation of application risk assessment and secure development lifecycle (SDLC) practices, which encompass secure coding, SAST/DAST scanning, and code reviews.
- Overseeing SaaS security posture management, conducting risk assessments, and managing configuration across SaaS platforms.
- Establishing enterprise encryption and API security standards.
- Implementing and managing database security configurations and data monitoring to safeguard sensitive information.
- Guiding the enforcement of secure API development, threat modeling, and secure integration across browser and application interfaces.
- Managing security controls and technologies such as CASB, WAF, and other application protection tools.
- Leading SaaS security guidelines, promoting secure-by-design SaaS usage, and managing associated security risks.
- Ensuring the secure deployment of M365, browser extensions, plugins, and GenAI tools through established security controls and policies.
- Developing and maintaining security policies, standards, and procedures for application, SaaS, and database environments.
- Collaborating with development, cloud, and IT teams to integrate security into CI/CD pipelines and cloud platforms.
- Providing leadership and mentorship to a technical team responsible for application, SaaS, and database security.
- Partnering with SOC, IR, and vulnerability management teams to respond to and resolve security issues related to applications, SaaS platforms, and databases.
- Monitoring for anomalies, policy violations, and unauthorized access across applications, SaaS solutions, and data repositories.
- Maintaining compliance with regulatory, privacy, and audit requirements, including ISO 27001, NIST, GDPR, and client-imposed obligations.
- Reporting on key security KPIs/KRIs, risks, compliance gaps, and program maturity to technical and non-technical stakeholders.
- Analyzing information to identify trends, risks, and opportunities for continuous improvement.
- Promoting a secure-by-design framework and DevSecOps practices across development and IT lifecycles.
- Making decisions and recommendations based on risk assessment, industry best practices, and emerging threats.
- Staying current with evolving security trends, technologies, and threat landscapes in application, SaaS, and database domains.
Education and Experience:
Required:
- A Bachelor's degree in information security, IT, risk management, a related discipline, or equivalent experience.
Preferred:
- Professional certifications such as CISSP, CISM, or similar.
Skills and Experience:
- 10-15 years of experience in IT or Information Security, with at least 5 years in a leadership role focused on application, SaaS, or database security.
- Proven ability to build and lead application security or cloud/SaaS security programs at scale, ideally in hybrid or cloud environments.
- Deep understanding of secure software development, DevSecOps, cloud SaaS security models, and database protection practices.
- Experience with tools like SAST/DAST, WAFs, CASBs, cloud security posture management (CSPM), and secure code review platforms.
- Familiarity with NIST, OWASP, ISO 27001, and secure software development frameworks.
- Passion for innovation, automation, and driving continuous improvement in application and cloud security practices.
- Excellent interpersonal, leadership, presentation, and collaborative skills.
Salary Information:
For candidates located in New York, the estimated base salary range for this position is $190,000 to $220,000 at the time of posting. The actual salary offered will depend on various factors, including the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and, if applicable, the location from which they will be performing the job. This role is exempt, meaning it is not eligible for overtime pay.
