Security Engineer – Boston, MA
Flight Centre Travel Group
Flexible: Boston or Marlborough, MA preferred. Also open to applications from NYC or Montvale, NJ.
The FCTG Security Engineer is a technical, business-driven leader who will be responsible for driving a comprehensive, industry-leading Product Cyber Security function focused on protecting our FCTG Corporate Travel businesses. This leader will bring hands-on experience as well as thought leadership related to the role to the Corporate business, including the product management and engineering community, at the intersection of the Secure Software Development Lifecycle (SSDLC), advanced cyber-threats, customer requirements, and business-driven values.
The Security Engineer will have a strong understanding of security and privacy principles, standards and frameworks, Agile, DevOps, Continuous Delivery and DevSecOps tooling and processes, experience leading and engaging with talented engineering communities and a sound understanding of the regulatory environment affecting Global businesses.
The Security Engineer requires a keen understanding of the business drivers affecting security within the company, security scanning processes and technologies, cloud security architecture patterns, and experience with software engineering and release processes, particularly with technologies used in agile and cloud-first environments. This individual will be able to apply practicality and assertiveness in both communicating and executing the embedding of security within the Corporate Product and Engineering operations.
The Security Engineer will be comfortable communicating with the full range of stakeholders, including customers, senior and operational business leaders, product managers, engineers and DevSecOps team members.
Americas Enterprise Risk/Group CISO
Security and Compliance Director
Product and Engineering leaders
Business leaders (predominantly Corporate)
In house legal teams
Group and regional Chief Privacy Officers
Group IT shared Services Leader
Regional IT and Security leaders
Permanent full time
Residency required in country of employment
Security in Engineering
Work with CISO, Security and Compliance Director and Corporate CXO, CPO, CTOs and Engineers to create and implement a framework to ensure that security and compliance is embedded into product and engineering within our Corporate businesses.
Ensure that the framework meets regulatory and contractual requirements as well as ensuring that controls are appropriate based on the business threat landscape and risk appetite.
Evaluate tools, systems and processes within the pipeline and SDLC to ensure that control objectives continue to be met and drive incremental improvement around reducing blockers and increasing security quality within products.
Develop and drive approaches to identify and prevent security vulnerabilities earlier in the development process in an automated, scalable manner, and work with engineering to deploy and utilize these approaches.
Work with CISO, Security and Compliance Director, Risk and Business Leadership to identify risk exposure and assist in managing the security risk to the organization within the risk appetite.
Review and evaluate new security technologies and practices for introduction into the organisation to reduce risk
Implement a systematic and structured process for the identification and management of security risks within the scope of the individual's role.
Develop and maintain a program that informs the FCTG board, business leaders, domain and group leadership of the top security risks and overall security health of products
Lead the implementation and management of an internal and external audit and security testing program to validate compliance with security policy and industry best practice including certification of products against security compliance standards such as ISO 27001, SOC 2 Type II, etc
Security Awareness and business engagement
Coach and mentor DevOps teams and engineers in Secure Software Development Lifecycle techniques and tools. Use trending and reporting to tailor security awareness focus areas with engineering and DevOps teams.
Assist the CISO and Security and Compliance Director with the maintenance of the FCTG security standards which will be used to assess maturity and compliance in markets.
Assist the CISO and Security and Compliance Director in working with Sales and Account Management team to meet with customers to provide Information Security expertise.
Work with product and engineering teams to ensure projects and applications are designed and implemented in line with security policy and best practice
Work with business stakeholders to provide security guidance and input.
Creation of customer facing security documentation
Maintain information security responses in internal RFP system and assist business in responding to security questionnaires
Security and Product Risk Management
Assist the CISO, Security and Compliance Director, Business and Internal legal teams in the review, markup and negotiation of the Information Security requirements in customer contracts.
Prepare written reports and in person briefings around areas of non-compliance and contribute to providing options to manage risks associated with non-compliance.
Prepare reports on new trends in customer Information Security requirements.
Feed customer requirements into ongoing assurance activities to ensure ongoing compliance risks are known, owned and managed.
Key Role Requirements
Highly developed leadership and influencing skills
Self-awareness and exceptional ‘EQ’ and soft skills
Demonstrated highly developed oral and written communication skills, with the ability to communicate comfortably with large groups and executives, and to articulate technology visions, risks and solutions to non-technical stakeholders
Ability to collaborate, maintain working relationships with, and gain the trust of stakeholders throughout the organization
Self-motivated and energetic
Excellent attention to detail
The ability to take the initiative, make informed and measured decisions and deliver outcomes from those decisions
The ability to analyze and simplify complex problems, evaluate them systematically, identify causal relationships and construct frameworks for problem solving
The ability to think ahead and establish an appropriate course of action taking into account the constraints imposed
5+ years of experience in information security and development or product management roles
Managerial experience in an information security leadership role
In-depth knowledge of Security frameworks such as ISO27001/2, PCI DSS, SCA, SOC 2, etc
In-depth knowledge of Secure development standards such as OWASP, NIST Top 20
Experience and ability in creating meaningful security reporting
What Flight Centre Travel Group can offer you:
Strengths based culture
Relaxed dress attire
In-house travel planner to book discounted hotel & air
National/International Award Nights
Diversity & Inclusion initiatives
Benefits including vision, medical, and dental after one full month of employment
Generous paid-time off policy
Free and confidential access to our in-house financial advisor (401K, Stock Plan)
Life Insurance, Short/Long-Term Disability, Employee Assistance Program, Health Advocate and MD Live
Proud Corporate Social Responsibility platform through the Flight Centre Foundation and Brighter Futures program supporting nominated charities through Workplace Giving, Volunteering and Fundraising.
Employee giving program
Annual Charity Trip
Office Environmental Program
1 Volunteer Day per Calendar Year
Location: Boston, MA
FCTG USA is an affirmative action-equal opportunity employer searching for talented people who have a desire to build a rewarding, fun, and exciting career with a company that loves to celebrate your success! Please contact email@example.com if you need any assistance.