Director, Application Security

Olympus Corporation of the Americas
Candiac, Richmond Hill
CAD 100,000 - 125,000
Job description

Olympus Corporation of the Americas

Making people’s lives healthier, safer, and more fulfilling is our ultimate purpose. Being True to Life means creating new solutions, making a positive impact on society, and enhancing the way people live.

For more than 100 years, Olympus has focused on making people’s lives healthier, safer and more fulfilling.

Every day, we live by our philosophy, True to Life, by advancing medical technologies and elevating the standard of patient care so people everywhere can fulfill their desires, dreams, and lives.

Our five Core Values empower us to achieve Our Purpose: Patient Focus, Integrity, Innovation, Impact, and Empathy.

Job Description

The Application Security Lead role will support the Olympus cybersecurity mission. The senior application security cyber-professional will help to solution and lead against an ever-evolving cyber threat landscape and protect critical information assets within the Healthcare and Manufacturing Industry that spans globally across the Americas, China, Asia-Pacific (APAC), and Europe, Middle East, and Africa (EMEA).

The Application Security Lead will:

  • Define and develop the future state application security strategy in collaboration with the Global IT Security Head.
  • Execute the program strategy through oversight of Olympus application security personnel and managed service providers.
  • Lead and oversee application security practices such as build/release management, secure SDLC, automating security processes in CI/CD pipeline, and general automation.
  • Champion appropriate cybersecurity software engineering practices such as static application security testing (SAST), manual code review, software composition analysis (SCA), dynamic application security testing (DAST), quality engineering practices and requirements capturing techniques to the teams to improve end-to-end secure delivery practices.
  • Advocate for and ensure appropriate security practices are communicated and implemented within their application security programs.
  • Lead the development of methodologies to support adherence and awareness of application security practices.
  • Partner with development and operations teams to facilitate practical automation solutions and custom modules, where feasible.
  • Partner with regions and be the key contact for the regional CIO and local business.
  • Collaborate with the other pillars of the Global Information Technology (IT) Security program, including Identity & Access Management (IAM), Governance, Risk and Compliance (GRC), Security Architecture, and Security Operations.

The Application Security Lead will be accountable for providing oversight of the Application Security Task Area and to ensure effective management, collaboration, and coordination of several key cybersecurity support areas including the following:

  • Application Security Strategy
  • Application Security Policy and Standards Management
  • Application Security Architecture, Tools, and Service Providers
  • Application Security Compliance
  • Application Security Metrics, KPIs and Dashboard reporting

In addition, this position will partner with a region and be the key contact for the regional CIO and local business. They will be the point person for coordinating any necessary regional incidents, information security & privacy meetings and ensure any regional needs are addressed appropriately with the Global IT Security team. They will facilitate understanding of local/regional laws and regulations that need to be followed.

Job Duties

  • Lead the definition of Olympus’ Application Security strategy, processes, technologies, and controls.
  • Lead the Application Security team and oversee managed service providers to assist onboarding security tools/technologies.
  • Collaborate with engineering, development and security teams and their leads to create, implement, and apply application security principles, processes, and culture.
  • Provide subject matter expertise in various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle stack.
  • Advocate for software engineering practices such as SAST, DAST, manual code review, SCA, engineering practices and requirements capturing techniques to improve end-to-end secure delivery practices.
  • Act as trusted automation and tooling advisor for application security initiatives by providing objective, practical and relevant ideas, insights, and advice.
  • Partner with a regional CIO to be key contact for security initiatives, understanding and supporting regional business requirements and represent the global security team in Information Security & Privacy and other business meetings.
  • Provide global coordination for regional security incidents or operational issues.
  • Lead, motivate, develop, and appraise team members so that their individual and collective performance is of the required standard and meets the current and future needs of the business.
  • Other responsibilities / duties as assigned.

Job Qualifications

Required:

  • Bachelor’s degree IT/IS/Business/Technology required.
  • One of the major security certifications (ex: CISM, CISSP, CISA, CRISC, CCSK, Certified CISO, PMP, etc.) or commensurate experience.
  • Minimum 10 years of Leadership and/or Management experience.
  • Minimum 10 years of experience with:
    • Application Security Center technologies and processes,
    • Managing projects through the full system development lifecycle, leveraging Agile methodologies,
    • Developing, implementing, or architecting information systems,
    • Technical architecture experience integrating automation into processes and capabilities and early/continuous integration of security through the SDLC,
    • Led global teams in successful organizations.

Preferred:

  • Application Security familiarity in the following areas:
    • Web Application Security
    • Secure SDLC
    • App Penetration Testing
    • Data/Threat Modeling
    • Static/Dynamic scanning
    • CI/CD and orchestration tools
    • Containerization capabilities
    • Cloud security
    • Infrastructure security
    • API security
  • Thorough Knowledge and understanding of Cybersecurity Frameworks, like ISO 27001/27002, NIST, OWASP Top 10, CoBiT, BCM, ITIL, GDPR, ITAR, SOX (JSox) and IT Risk Management.
  • Experience with organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI).
  • Experience with Cybersecurity audit preparation and response.

We offer a holistic employee experience supporting personal and professional well-being through meaningful work, equitable offerings, and a connected culture.

Equitable Offerings you can count on:

  • Competitive salaries, annual bonus
  • Comprehensive medical benefits and pension plan
  • Generous Paid Vacation and Sick Time
  • Paid Parental Leave and Adoption Assistance

Connected Culture you can embrace:

  • Work-life integrated culture that supports an employee centric mindset
  • Offers onsite, hybrid and field work environments
  • Paid volunteering and charitable donation/match programs
  • Diversity Equity & Inclusion Initiatives including Employee Resource Groups
  • Dedicated Training Resources and Learning & Development Programs

At Olympus, we are committed to Our Purpose of making people’s lives healthier, safer and more fulfilling. As a global medical technology company, we partner with healthcare professionals to provide best-in-class solutions and services for early detection, diagnosis and minimally invasive treatment, aiming to improve patient outcomes by elevating the standard of care in targeted disease states.

For more than 100 years, Olympus has pursued a goal of contributing to society by producing products designed with the purpose of delivering optimal outcomes for its customers around the world.

Headquartered in Tokyo, Japan, Olympus employs more than 31,000 employees worldwide in nearly 40 countries and regions. Olympus Corporation of the Americas, a wholly owned subsidiary of Olympus Corporation, is headquartered in Center Valley, Pennsylvania, USA, and employs more than 5,200 employees throughout locations in North and South America. For more information, visit www.olympusamerica.com.

Olympus is dedicated to building a diverse, inclusive and authentic workplace. We recognize diversity in people, views and lifestyle choices and emphasize the importance of inclusion and mutual respect. We strive to continue to foster empathy and unity in the workplace so that our employees can fully contribute and thrive.

Let’s realize your potential, together.

It is the policy of Olympus to extend equal employment and advancement opportunity to all applicants and employees without regard to race, color, national origin (including language use restrictions), citizenship status, religious creed (including dress and grooming practices), age, sex (including pregnancy, childbirth, breastfeeding, medical conditions related to pregnancy, childbirth and/or breastfeeding), gender, gender identity and expression, sexual orientation, marital status, disability (physical or mental) and/or a medical condition, genetic information, ancestry, veteran status or service in the uniformed services, and any other characteristic protected by applicable federal, state or local law.

Applicants with Disabilities:

As a Federal Contractor, Olympus is committed to ensuring our hiring process is accessible to everyone. If you need an accommodation in order to complete the application or hiring process, please contact Olympus via email at OCAAccommodations@olympus.com. If your disability impairs your ability to email, you may call our HR Compliance Manager at 1-888-Olympus (1-888-659-6787).

Get a free, confidential resume review.
Select file or drag and drop it
Avatar
Free online coaching
Improve your chances of getting that interview invitation!
Be the first to explore new Director, Application Security jobs in Candiac, Richmond Hill