Head of DevSecOps
This role is responsible for integrating three existing ECS programs (IT Hygiene, Cloud Security & Software Security) to align their strategic direction with the business's “Cloud First” strategy and to introduce and enable the principles of a DevSecOps culture. These principles include values such as learning and trying out new solutions, working collaboratively across teams, striving for innovation and continuous improvement, and continuous feedback loops.
o The purpose of aligning these three programs under one leader is to allow for operational efficiencies and synergies across the program and to cross-pollinate techniques used successfully in the software security program and on-prem today in IT Hygiene with building a mature cloud security program.
o This role will interface directly with the Head of Cloud, enabling a strong partnership between delivery, engineering and risk management teams to ensure that security controls are embedded from the beginning and executed seamlessly.
· IT Hygiene: redesigns core IT infrastructure deployment and change management practices to reduce security defects and improve productivity, focusing on the pillars of vulnerability management, asset management and configuration management.
· Cloud Security: defines cloud security control and configuration settings required for selected cloud service providers aligned with control standard technical procedures that define resiliency and security requirements for the selected cloud service providers. The program measures its health by determining the consistency of applying these standards and procedures to all instances or accounts with cloud service vendors.
· Software Security: empowers DevOps teams to deliver defect-free code to increase security and maximize tangible productivity benefits to MassMutual's business.
· Lead transformation of culture and mindset to enable security through automation, continuous integration pipelines and overall improvements in efficiency and effectiveness
· Transform operational procedures to achieve engineering excellence, aligned with the business goals and objectives of moving to a Cloud First strategy
· Enable consistent IT hygiene (asset, configuration & vulnerability management) best practices across on-prem and off-prem/cloud environments; solutions may vary based on environment, but the intent of the controls and measurements of success should be consistent regardless of cloud or non-cloud
o Partner closely with the Head of Technology, Service & Resiliency (TS&R) to ensure principles are embedded in TS&R teams' BAU procedures
· Continue to embed best-in-class software security principles through integration of core Software Security competencies into all Application Development teams at MassMutual
o Partnering with the respective BISO, this leader will develop strong relationships with respective Application Development leaders to reduce the defect density and increase the BSIMM score.
Skills, Knowledge & Experience:
- 10+ years working in a Cybersecurity, Software Development or other IT related field
- 5+ years of leadership experience
- 3+ years working in a DevOps or DevSecOps environment/culture
- Trained in change management techniques for enabling change across the environment
- Strong relationship management skills for collaborating with and influencing other IT leaders
MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.