We are seeking a Manager – Application Security to support our cybersecurity team as we protect our customers and the brand. You will develop and lead an application security program that is designed to ensure that all developed software meets exacting company standards while enabling continued innovation to meet customers’ constantly evolving needs. Furthermore, this role partners with multi-functional regional teams to understand the business and technology needs of product teams and to support the implementation of solutions that can be applied globally through common frameworks, deployment guidelines and standards.We are investing heavily in technology to drive our growth. We’re looking at how to use technology to improve the customer experience and build new customer experiences. We’re also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs more exciting and rewarding. With all the new projects and initiatives, it is an exciting time to be on the cybersecurity team, helping to make a safer and better organization!Qualifications:Global Technology Risk Management (GTRM) is the team that is ultimately responsible for the securing of the company’s information assets at a global level. This role will directly manage the group within GTRM that is responsible for our cybersecurity architecture vision and strategy, ensuring our technology products and services are protected against current industry threats.The Manager of Application Security must set high-level strategy and direction for those performing these daily activities and clear expectations, goals, and requirements that must be obtained as a measure of success. This position will work closely with cybersecurity experts, Global Technology teams, suppliers, and business leaders to define cybersecurity controls that protect our assets and critical technology.Responsibilities:Mentor and lead a global team of application security professionals.Collaborate with internal and external product and development teams to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC).Partner with our front-end digital channel development teams (mobile, web, etc.), back-end platform development teams (Point-of-Sale, eCommerce Platform, etc.), and security service delivery teams to triage and develop plans for remediation of application threats and vulnerabilities, at a global scale.Create and maintain documentation pertaining to integrated security processes and controls.Provide recommendations on Information Security policies and defining governance procedures for secure application development.Craft and deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices.You will ensure that developers and QA personnel have the appropriate level of security knowledge and support to perform their daily activities.Develop and maintain a technical roadmap to ensure the platform remains relevant among the ever changing threat environment.Translate the technical roadmap to product leadership to help them better understand how security threats and control technology will affect their business objectives.Support the development and testing of playbooks that prepare Application Security to respond to possible security incidents.Establish a governance framework to benchmark the state of said program and the performance of development teams against our current program.Stay up to date on the latest threats and the impacts to the ecosystem and lead brown-bag lunch-n-learns to share details on the latest threats and impacts to McD landscape.Benefits eligible: YesBonus eligible: YesLong term incentive eligible: YesThe expected salary range for this role is $129,800.00 to 165,490.00/ per yearThe above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factor
