Information Security Manager - Secure Development

The ISM is responsible for the definition and the operational implementation of the secure development lifecycle within the business areas developing and maintaining customer-facing applications, digital platforms, IoT products and production equipment at the ZEISS COM segment: Develop, document and enforce security policies and standards aligned with the strategy of the organization. Provide professional leadership to the Security Engineers across the segment, providing guidance regarding learning paths and further development. Advise teams on secure design and review architecture proposals. Guide Security Engineers to identify applicable security requirements. Support them in conducting threat modelling and selecting applicable security controls. Oversee the creation of security documentation. Ensure the proper implementation of a secure development lifecycle, including maintenance and the use of security tools, e.g., static and dynamic application security testing, software composition analysis, security monitoring, etc. Oversee the planning and execution of security testing activities, including penetration testing and vulnerability assessments. Together with the security engineers, review findings and define countermeasures. Ensure that the relevant findings are remediated before moving to production. Coordinate Free and Open-Source Software (FOSS)-related activities across the COM Segment. Responsible for ensuring compliance with internal FOSS guidelines in the different functional units. Monitor and review the effectiveness of the secure development lifecycle in the business areas. Report on its progress on a regular basis to the business owners and senior management. Disciplinary responsibility for the local Information Security resources of the COM Segment in Bangalore.Education / Professional Certification University degree in computer science, information technology or related education; with an excellent academic record and ideally focused on security. Holding a valid certification from a well-recognized information security organization is of advantage, e.g., ISC2 CSSLP, CISSP.

Apply Now