Randstadeos
Associate Director - SSDLC
Regeneron is a leading global biotechnology company that uses the power of science to invent, develop, and commercialize life-transforming medicines for patients with serious diseases. The Regeneron Information Technologies team is seeking candidates for the Associate Director of Secure SDLC Software Development position. This is a hands-on leadership position that requires both deep technical expertise and exceptional people management skills. In this role, the successful candidate will be responsible for the design, engineering, deployment, governance, and level 3 support of the Regeneron Secure Software Development Life Cycle (SSDLC) framework and solutions, while serving as the managerial focal point for an IT team.
As a Secure SDLC Software Development Associate Director, a typical day may include the following:
· Drive forward the development, enhancement, deployment, communication, and governance of the Regeneron SSDLC roadmap aligned with a comprehensive Cybersecurity strategy.
· Develop and enhance a reliable, scalable, and secure set of SSDLC solutions to efficiently meet business requirements while adhering to the NIST Cyber Security framework.
· Drive a continuous improvement approach to secure the Regeneron SDLC program by defining and enforcing security requirements across the full software development life cycle. This includes the underlying software delivery pipeline, ensuring security is seamlessly and effectively integrated within it.
· Develop and operationalize strategies to continuously assess, identify, and mitigate vulnerabilities within the SSDLC ecosystem.
· Serve as the focal point for an onsite IT Team to ensure consistent communications and delivery as well as maintaining day-to-day team direction and tactical support for the onsite IT team members that are delivering other IT related services.
· Provide status and operational updates to Regeneron IT senior leadership on the effectiveness and efficiency of the onsite team.
· Collaborate with leadership on the yearly budget preparation and management of the SSDLC program.
· Define and manage against SSDLC SLAs, utilizing KPIs to provide monthly reporting on the efficacy of SSDLC management tools.
· Develop and document the technical design for the integration and implementation of any new SSDLC software.
· Partner with the Cybersecurity by Design Team, product development, and other key stakeholders to ensure secure design principles are embedded throughout the entire software development lifecycle.
· Partner with software development teams in the architectural design of software solutions to ensure the implementation of secure design principles.
· Stay current on evolving security threats and trends, recommending proactive measures to maintain a secure SSDLC framework.
· Collaborate on the development and delivery of software security awareness training programs.
· Collaborate with the Operations Team to continuously ensure defined SSDLC technologies are effective and efficient in practice.
· Provide Level 3 support for SSDLC-related and security incidents.
· Collaborate with vendors to drive solution optimization and business value.
This may be the right role for you if you:
· Continuously identify opportunities for improving processes and solutions, including the consolidation of similar security needs.
· Collaborate with the team to implement technical best practices, policies, and procedures.
· Have the ability to lead training initiatives, demonstrating a capacity to educate teams.
· Have excellent problem-solving skills and attention to detail.
· Have excellent verbal and written communication skills and the ability to interact effectively with all personnel, from application developers to the CIO; can work autonomously and in groups; and are highly organized and deadline-oriented, with a continuous-improvement mindset.
· Have the ability to develop and maintain highly effective relationships and influence others to achieve goals.
· Have the ability to lead projects and mentor team members.
To be considered for this role, you must have a BA/BS degree in Computer Science, Computer Information Systems, or a related technical field, along with 10+ years of experience with SSDLC capabilities in a global environment.
You should have strong experience in using SSDLC solutions to secure data within an enterprise and possess end-to-end knowledge in the design, engineering, and operation of a comprehensive SSDLC solution set.
Experience in designing and providing highly available and reliable SSDLC software and processes capable of 24x7 business operations is essential.
A solid level of competence with SAST, SCA, DAST, Jenkins, Groovy, Python, Java, JavaScript, Ruby, R, Kubernetes, AWS, Terraform, and CFT is required.
You should also have a working knowledge of Information Security processes, practices, and solutions, as well as experience with regulatory compliance controls, with GxP and SOX being preferred.
Familiarity with relevant security frameworks and compliance standards (NIST CSF, ISO 27001, HIPAA, GDPR, etc.) is a plus.
The candidate must have experience managing a medium-sized team. This is an onsite position; the candidate should possess strong managerial and communication skills.