Remote, United States, USA
14 days ago
Sr. Application Security Consultant

Location:

For Those Who Work At Home - Various, Ohio 44144

Job Profile Summary

Serves as the senior process owner for DevSecOps processes, tools, and security automation for the Corporate Information Security (CIS) Application Security program. Works closely with cloud security and Policy as Code program lead to ensure applications are built and deployed to conform with configuration baselines. All associated efforts are to promote and advance information security processes and culture, and must reflect compliance with best practices, applicable federal and industry regulations, as well as company information security policies and standards.

Job Description

Required Qualifications:

- Bachelor's degree preferred; equivalent experience of 8 or more years of combined experience within information technology or information security is acceptable
- Qualified candidate will include 8+ years of broadly based, progressive experience in information systems or information security environments or software engineering
- Qualified candidate must have experience or be well-versed in development technologies such as Java, Node, or .NET frameworks and have a thorough understanding of web application design and frameworks.
- Qualified candidate must be able to perform comprehensive static and dynamic application testing following industry-standard testing methodologies and has experience with one or more application review tools such as Snyk, Fortify, Checkmarx, Veracode, Burp Suite, WebInspect, Prisma Cloud, Prisma Compute, CI/CD pipelines, or GitLab security scanners.
- Ability to lead an enterprise-wide information security program and processes related to cloud security and policy as code enforcement
- Must be able to use command line tools on Mac workstations.
- Ability to write shell scripts, Python scripts, PowerShell scripts, CI/CD pipeline tasks and implement automation workflows using APIs
- Ability to build and sustain collaborative relationships with multiple constituencies
- Ability to translate information security terminology into terms understandable to diverse groups
- Excellent written and oral communication skills
- Excellent analytical and problem-solving skills
- Excellent facilitation and negotiation skills
- Ability to work independently
- Ability to multi-task and manage competing priorities
- Detail-oriented
- Commitment to teamwork
- Ability to drive Continuous Improvement efforts

Preferred Skills

- Background in application security, DevSecOps practices, cloud development, cloud configurations, and cloud security
- Able to guide application and infrastructure teams on application security remediation
- Able to manage development projects with work intake, sprints, and planned releases
- Background in information security and/or organizational communication within the financial services industry
- Understanding of federal and industry regulations associated with information security, such as Sarbanes-Oxley, HIPAA, GLBA, etc.
- Understanding of application security and cloud security frameworks and standards, such as NIST, CIS, CSA, OWASP, etc.
- Knowledge of systems architecture such as network and distributed systems, and/or mainframe systems
- Knowledge of security services such as firewalls, IDS, vulnerability assessment, and authentication
- Professional certification (CISSP, GWEB, OSWA/OSWE, BSCP, or Google Professional Cloud Security Engineer) is desirable

Essential Job Function:

- Coordinates the development, implementation, and administration of application security policies and standards
- Coordinates and oversees the work of junior team members in application security
- Development and other operational tasks to maintain the Application Security testing and DevSecOps program within the CIS Application Security team
- Coordinates remediation prioritization and triage efforts for the application security program
- Coordinates the development, implementation, and promotion of effective information security awareness within the organization with the goal of making all employees, contractors, alliances, and other third parties security aware
- Monitors compliance with the organization's information security policies and standards among employees, contractors, alliances, and other third parties, facilitating remediation by referring problems to appropriate department managers for resolution
- Promotes the availability, integrity, and confidentiality of company data, regardless of medium
- Provides direction, guidance, and opinions regarding information security awareness, communication, policies, and standards
- Assists with the development of information security training to all employees, contractors, alliances, and other third parties, as required.
- Ensures sponsored training conforms to existing policies and standards
- Directs the timely dissemination of information security information
- Serves as an internal information security consultant and liaison to all areas of the organization as a daily activity
- Communicates the practical implications of information security decisions, issues and plans to the organization
- Works with management and the CISO to coordinate policy approval by the Information Security, Continuity, and Privacy Council
- Coordinates and promotes the utilization of the Corporate Information Security intranet web site as an information delivery and awareness tool
- Monitors advancements in information security methodologies and technologies
- Monitors changes in legislation standards that may affect information security
- Participates in enterprise-wide information security architecture discussions, as required
- Participates in and partners with professional information security associations, such as Infragard and ISSA
- Selects and/or works with external vendors, outside consultants, and other third parties to improve information security, as required
- Attends conferences and training as required to maintain proficiency

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $115,000.00 to $125,000.00 annually depending on job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance. Please click here for a list of benefits for which this position is eligible.


Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.

Job Posting Expiration Date: 02/27/2025

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

 

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

