Senior Security Specialist - Information Risk - Assurance
Company: Campbell Soup
Posted on: January 14, 2021
Imagine...working for a company that knows that its people are
the key to its success in the marketplace. A company in which
achieving extraordinary results and having a stimulating work
experience are part of the same process.

We cultivate and embrace a diverse employee population. We recognize
that people with diverse backgrounds, experiences and perspectives
fuel our growth and enrich our global culture.

We are looking for an individual who enjoys working in a fast-paced,
team-oriented environment, likes to be challenged, and values the
opportunity to make a difference.

The Senior Security Specialist - Information Risk - Assurance will
support the Information Risk Management program within the
Information Technology - Security Department for Campbell's. The
Risk Management program will align to the strategy of the Company
while addressing the evolution of changes to the global risk
landscape and evolving technologies.
- In this role, you will be responsible for managing the
Information Risk - Assurance function within Campbell's Information
Technology - Security Department. This responsibility will include
management of the process for identification, assessment, and
remediation of vulnerabilities, threats, and configuration issues
within systems and applications in the office and manufacturing
- As the Senior Security Specialist, you will be responsible for
communicating to key stakeholders throughout the organization to
ensure an understanding of the current state of Information
Assurance objects and that identified issues are resolved in a
timely manner. This lead role is a critical function to the
overall information security program.
- In this role you will report directly to the head of
Information Risk Management.

Essential responsibilities will include but not be limited to:
- Build upon the application security and vulnerability management
program using risk management project methodology to validate that
applications and systems are implemented according to specified
design and industry known standards as established by OWASP, Center
for Internet Security (CIS), Microsoft, others. (35%)
- Manage the threat and vulnerability management program to
assess risks and effectiveness of systems currently not within
scope such as: ERP, APIs, Network Infrastructure, Manufacturing
Open Source, and security technologies. (20%)
- In partnership with department peers, establish and provide
KPIs to technical teams, senior leadership, and third-party
organizations to analyze and report on effectiveness of
vulnerability/application security program and identify
opportunities for improvement. (10%)
- Track and report remediation efforts and exceptions (5%)
- Advise and support the Head of Information Risk Management,
Compliance, and Assurance in technical security matters related to
vulnerabilities and best path forward (5%).
- Within context of the existing risk management framework,
expand and manage the DevSecOps program within the Company for use
by internal developers and third parties to ensure that security
processes are effectively implemented during design, development,
and throughout the system lifecycle. (5%)
- Establish testing processes for automated testing including
dynamic and static analysis of code in support of secure coding
practices across the Company. (5%)
- Conduct red-teaming exercises of 3rd party Security Operations
Center to verify that detection and response capabilities are
effective. This may also include overseeing penetration testing on
internal and external applications. (5%)

Job Complexity:
- Correctly balances security risk and business impact.
Interfaces with third parties, business analysts, internal and
external IT Audit groups.
- Understand emerging leading practice for applications including
industrial control systems.
- Proficiencies in finding defects (before attackers) and
effectively communicating how to resolve.
- Ability to effectively communicate risk including corrective
action plans / recommendations to non-technical audiences.
- Ability to create effective reports and presentations to
communicate technical concepts to both technical and non-technical
audiences.

We are looking for the following abilities and skills:
- Minimum education required: Bachelor of Science
- Preferred certifications: CISSP,
- Years of relevant experience: 7+ years.
- Proven experience in managing an outsourced third-party
provider of threat management services.
- Proven history of designing and implementing process and
technology for identifying vulnerabilities.
- A broad cyber-security skillset, able to assimilate and
consider issues from the technical, and business perspective,
supported by a pragmatic attitude to the implementation of security
across multiple business units.
- Strong understanding of systems, applications architecture
within office and emerging better practice within IoT (Internet of
Things) / ICS (Industrial Control Systems) environments.
- Strong understanding of Secure Development Practices and
development related systems such as Jenkins, Jira and container
- Knowledge of common security vulnerabilities such as OWASP Top
10, SANS Top 25.
- Experience in security testing web applications, mobile
applications a significant plus.
- Experience with cloud security solutions such as Amazon Web
Services (AWS), Microsoft Azure and/or VMware vCloud and/or
- Familiarity with scripts in languages such as Python, BASH, or
- Technical expertise with Information Assurance tools including
but not limited to: Tenable, Qualys, Acunetix, Checkmarx
- Understands emerging better practice for applications including
industrial control systems.
- Demonstrated ability to learn on the job and explore new
technologies with little supervision to identify new and emerging
- Strong technical, communication and interpersonal skills.
- Demonstrated ability to function in a global environment.
- Ability to perform in a challenging, fast-paced technical and
business environment.

Working conditions
- Office environment with up to 10-15% travel

The Company is
committed to providing equal opportunity for employees and
applicants in all aspects of the employment relationship, without
regard to race, color, sex, sexual orientation, gender identity,
national origin, citizenship, marital status, veteran status,
disability, age, religion or any other classification protected by
law. In that regard, U.S. applicants and employees are protected
from discrimination based on certain categories protected by
Federal law.
Keywords: Campbell Soup, Camden, Senior Security Specialist - Information Risk - Assurance, Other, Camden, New Jersey