HBO Manager, Cyber Security Applications in New York, New York | DiversityInc Careers
 

HBO Manager, Cyber Security Applications

Manager, Cyber Security Applications

OVERALL SUMMARY


The IT Security & Compliance team is responsible for HBO’s cybersecurity protection and controls worldwide. This position serves as an applications security and applications architecture standards Subject Matter Expert (SME), concentrating on overall technical and operational effectiveness of HBO business and broadcasting applications providing direct support to the timely and effective development and operational management – monitoring of HBO’s applications.

PRIMARY RESPONSIBILITIES

Work with HBO Media & Tech Ops, Digital Products and other departments to help them develop web applications and location-based services complying with HBO and current global security, privacy and continuity policies and applicable regulations and legislation, while working in an agile environment on a continuous delivery mode. The Manager Cyber Security Applications will oversee and direct the secure development and operations of key HBO consumer and partner services.

This is a hands-on position with exposure to numerous security activities within HBO requiring experience in building secure web services and applications from ground up, ensuring they are ready for launch in a secure state, and maintained and operated in such a way that we can mitigate risks, avoid security incidents and fulfill the requirements.

Constantly monitor and be aware of the latest key developments in the area of web applications, web services security and mobile internet security, relevant regulations and 3rd party requirements. Evaluate their impact on services both in production and under development.

Able to work in international and multi-cultural virtual teams, identify the needed/missing capabilities and contribute in application security training, awareness and competence development by creating and maintaining a security community in HBO.

Provide security validation and awareness on all Over The Top (OTT) products worldwide and monitor their security

KEY RESPONSIBILITIES

 

  • Develop relevant policies, standards, procedures and guidelines thus contributing to HBO Applications security governance, risk and compliance area on Security, Privacy and Continuity related topics.
  • Contribute to developing, maintaining and improving a SDLC.
  • Oversee all security activities within HBO applications given services development and operation projects.
  • Participate in the development of internal security training and awareness
  • Ensure that HBO application teams have the necessary competencies and appropriate tools to fulfill security, privacy and continuity requirements
  • Ensure internal go-live requirements are met
  • Perform and facilitate business impact assessments, risk and threat analysis
  • Manage security testing activities
  • Manage and ensure the successful resolution of identified vulnerabilities
  • As necessary, review and contribute to 3rd party contracts and manage contractors' requirement fulfillment
  • Review and/or conduct internal and external security assessment reports
     


QUALIFICATIONS
 

  • BSc or higher degree in Computing Science, or equivalent experience
  • Relevant work experience in web services and application security management and/or development 5+ years
  • Strong knowledge of information security principles, best practices, architectures, tools and processes
  • Experience in defining and writing policies, standards, procedures and guidelines
  • Knowledge of relevant information security standards e.g. ISO 27001
  • Knowledge of software and network architecture and standards
  • Ability to understand business drivers and priorities, and integrate these requirements into overall security design
  • Knowledge of web technologies and standards such as HTML, JavaScript, SQL, JSON, XML, XHTML, SSL/TLS, REST, SAML, OAuth
  • Experience in secure application development and typical design patterns especially when applied in agile environments targeting for rapid production updates
  • Ability to communicate security objectives orally and in writing to a variety of audiences. Must be able to explain to both a technical and non-technical audience why we don't want to see vulnerabilities like XSS, CSRF, SQLi etc.
  • Self-motivation with the ability to work independently in a global team and as a team member with minimal direction
  • Experience in defining, developing, maintaining and supporting a SDLC in agile / continuous delivery mode organization is a strong plus.
  • Professional security certifications like CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor / Lead Implementer or similar are a plus
  • Experience with ISO 27001 standard implementation is a plusSome background in Java, HTML+Javascript, C++, Ruby, SQL is a plus
  • Experience in secure code reviews is a plus