Head of Application Security

Granicus
Summary
Join Granicus as the Head of Application Security and lead the charge in enhancing secure software development practices across the enterprise. You will define and implement security components of SDLC policies and standards, collaborate with engineering teams on security controls, and develop key metrics and reporting. This role requires strong collaboration, influence, and a focus on establishing a security-first culture. The ideal candidate possesses extensive experience in information security, software development leadership, and a deep understanding of application security best practices. Granicus offers a competitive salary and a comprehensive benefits package, including flexible time off, comprehensive health insurance, 401k matching, paid parental leave, and more.
Requirements
- Have 5+ years of Information Security and Information Technology experience
- Have 5+ years in Software Development, including in leadership positions
- Possess broad knowledge across all relevant facets of a holistic, modern application security program, including strong understanding of current and emerging trends and threats
- Have a demonstrated track record of efficient, scaled delivery with small teams, directly taking on and providing deliverables
- Possess a strong understanding of common security and privacy frameworks and regulations (NIST 800-53, GDPR)
- Have strong technical aptitude and ability to discuss complicated security/development technical concepts with engineers
- Have demonstrated experience with representing security controls to external auditors and/or customers
- Possess excellent executive presentation and communication skills
- Have the ability to lead through influence, including at executive levels
Responsibilities
- Be accountable for definition and establishment of security components of SDLC policies and standards
- Work with Software Engineering teams to implement necessary technologies to enable appropriate security controls (e.g., SAST, DAST)
- Develop metrics and reporting pertaining to application security, and facilitate any reporting and governance forums as necessary
- Work with software development teams to answer any questions, help interpret security testing results, and provide any other support and education to aid with continuous improvement of development practices
- Work with external parties as necessary to conduct security testing (e.g., penetration testing)
- Be accountable for integration of newly acquired companies into all application security processes
- Act as escalation point for security incident response and investigation, as appropriate, pertaining to application development matters
- Provide security design/solution support for new application architecture development
- Perform other duties as assigned
- Be responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program
- Ensure the data privacy of our employees and customers and their data, and complete all required privacy training in a timely manner, in accordance with company policies
Benefits
- Flexible Time Off
- Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance
- 401(k) plan with matching contribution
- Paid Parental Leave
- Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance
- Group legal coverage