Product Security Associate Architect

As an employee at Thomson Reuters, you will play a role in shaping and leading the global knowledge economy. Our technology drives global markets and helps professionals around the world make decisions that matter.  Whether solving for today’s challenges or tomorrow’s aspirations, you will work with the industry’s brightest thinkers on diverse projects, creating next-generation solutions that deliver powerful results.   As the world’s leading provider of intelligent information, we want your unique perspective to create the solutions that advance our business—and your career. 

About the Role 
As "Product Security Associate Architect" you will:
 

• Use your overall technical security expertise as well as your evangelism skills to ensure successful delivery of our cross-functional Product Security initiatives. Your primary responsibilities include the following: 
• Lead and energize our global security champions’ initiative that represents hundreds of engineers globally. The program is cornerstone to our Product Security mission to make a deep global and sustainable impact on our security posture. 
• Strategize, plan, develop the program’s initiatives to meet our overarching Product Security objectives. 
• Identify and document requirements from our champions to inform strategy. 
• Develop reporting/dashboarding to report on the engagement of security partners and the health of the program (OKRs), through meaningful metrics. 
• Act as our primary liaison person between security partners and Product Security core teams. 
• Bring visibility and strengthen communication across teams. 
• In collaboration with our Software Engineering team, partner with our Product and Product Engineering teams to bake the integration of security requirements in our products development lifecycle in-band of teams’ ways of working and improve the Developer eXperience (e.g., developers tooling, threat modeling, automated analysis, offensive testing/purple team, software supply chain security). 
• Conduct ad-hoc and continuous security maturity assessments at scale (e.g., based on known frameworks like OWASP SAMM) and help with our threat modeling endeavors. 

Secondary responsibilities:

• Co-own our in-house applications roadmaps and ensure timely delivery of capabilities, working hand in hand with our Software Development team to provide UX, data and self-service capabilities that will provide a frictionless experience to engineers. 
• Participate in developing our Product Security training program targeting development, cloud, cloud native technologies. Examples include threat modeling training, organizing CTFs (and building anything that’s required to run it), development of custom labs and partnering with our Security Awareness team. 

About You  
You’re a fit for the "Product Security Associate Architect"  role if your background includes:

• DevOps and application security experience, allowing you to handle challenging, at scale programs over the long haul. You can speak to less technical management folks as well as engineers, as to respectively be able to present your business analysis, yet also delve into technical in-depth security topics with engineers from different horizons. 
• 8+ years in technical roles, including a mandatory minimum of 4+ years working in product/application security. 
• Clear and compelling written and verbal communication; you are an evangelist. You need to build attractive, sustainable security initiatives and maintain interest among a lot of competing priorities. 
• Worked with OWASP SAMM or BSIMM on large scale maturity assessments. 
• Built, experimented and (certainly failed) at running security champions program in mid to large size companies. 
• Driven by metrics to demonstrate the value of the programs you lead. 
• Work and drive strategic programs, pay great attention to details; Help in building a remote friendly culture favoring async communications and outcomes. 
• Love having end to end ownership and responsibility and deliver value. 
• Prior hands-on experience in SRE and/or development functions a plus. 

Skills:

• Deep experience with Secure Development and S-SDLC development programs. 
• Proficiency with security maturity frameworks OWASP SAMM or BSIMM. Good knowledge of NIST (CSF, SSDF), ASVS and others is a big plus. 
• Proficiency and autonomy in leading scaled programs with little to no oversight. 
• Basic knowledge of Snowflake and PowerBI. 
• Exceptional organizational and communication skills (both oral and written), empathy. 
• Azure DevOps “Boards” proficiency is a plus. 
• Bachelor’s degree or above preferred. 

 
What’s in it For You 
Product Security is one of the hottest trends in security. Talents possessing experience and knowledge in this area are in high demand and expanding your horizon and skills will make you stand out of the crowd. 
At Thomson Reuters, our people are our greatest assets. Here are just some of the benefits we offer for your personal and professional growth: 

• You will join our inclusive culture of world-class talent, where we are committed to your personal and professional growth through:
• Hybrid Work Model: We’ve adopted a flexible hybrid working environment for our office-based roles while delivering a seamless experience that is digitally and physically connected.
• Culture: Globally recognized and award-winning reputation for equality, diversity and inclusion, flexibility, work-life balance, and more.
• Wellbeing: Comprehensive benefit plans; flexible and supportive benefits for work-life balance: two company-wide Mental Health Days Off; work from another location for up to a total of 8 weeks in a year, 4 of those weeks can be out of the country and the remaining in the country, Headspace app subscription; retirement, savings and employee incentive programs; resources for mental, physical, and financial wellbeing.
• Learning & Development: LinkedIn Learning access; internal Talent Marketplace with opportunities to work on projects cross-company; Ten Thousand Coffees Thomson Reuters café networking.
• Social Impact: Nine employee-driven Business Resource Groups; two paid volunteer days annually; Environmental, Social and Governance (ESG) initiatives for local and global impact.
• Purpose Driven Work: We have a superpower that we’ve never talked about with as much pride as we should – we are one of the only companies on the planet that helps its customers pursue justice, truth and transparency.  Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world.

As a global business we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. We are proud to be an Equal Employment Opportunity Employer providing a drug-free workplace.

#LI-DD3

Do you want to be part of a team helping re-invent the way knowledge professionals work? How about a team that works every day to create a more transparent, just and inclusive future? At Thomson Reuters, we’ve been doing just that for almost 160 years. Our industry-leading products and services include highly specialized information-enabled software and tools for legal, tax, accounting and compliance professionals combined with the world’s most global news services – Reuters. We help these professionals do their jobs better, creating more time for them to focus on the things that matter most: advising, advocating, negotiating, governing and informing.

We are powered by the talents of 26,000 employees across more than 70 countries, where everyone has a chance to contribute and grow professionally in flexible work environments that celebrate diversity and inclusion. At a time when objectivity, accuracy, fairness and transparency are under attack, we consider it our duty to pursue them. Sound exciting? Join us and help shape the industries that move society forward. 

Accessibility 

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.

Protect yourself from fraudulent job postings click here to know more.

More information about Thomson Reuters can be found on https://thomsonreuters.com.