ProViso Consulting
Story Behind the Need:
• Business group: Cloud & Application Security Product and Architecture – HM’s team is a product group within Cloud and Applications Security
• Project: Cloud Acceleration Program – moving towards Google Cloud – HM is product owner for entire security application portfolio, this contractor will be the product manager for one of the following AppSec capabilities: SAST, DAST, MAST, SCA. Transformation building of new capabilities for application security; creating materials for VP and above (high visibility role)
Candidate Value Proposition:
• The successful candidate will be instrumental in delivering the next generation security products through a large-scale transformation effort at the Bank.
Typical Day in Role:
• Collaborate with stakeholders across the Bank – you will work closely with development and engineering, DevOps, cloud, application security and other application owner teams across the organization to deliver AppSec capabilities: SAST, DAST, MAST, SCA
• Define the objectives and scope of the product, clearly outlining the problems and risks it’s solving.
• Product Strategy
• Contribute to the success of our product strategy by driving stakeholder alignment, maintaining clear RACIs and clearly articulating MVP success criteria and rollout plans
• Product Management
• Build and maintain product roadmaps.
• Communicate roadmap progress with stakeholders and clients
• Manage and prioritize the product backlog, along with new features and enhancements we require from the product
• Facilitate forums and prepare the team for constructive collaboration sessions with cross-functional teams, technology and business channels, and control functions
• Define and report on overall product status, metrics, key achievements, next steps and risks with a data-driven approach
Candidate Requirements/Must Have Skills:
• 10+ years’ relevant academic + working experience
• 3+ years’ experience as a full-stack Product Manager in an Agile environment, with demonstrated experience in creating roadmaps, scoping, and financing
• 3+ years’ experience with AppSec domains (at least one of these): SAST, SCA, DAST, API Security
• 3+ years’ experience with documenting process, requirements, and product information
• 1+ years’ experience building business cases and demonstrating the value of a product through cost-benefit analysis
Nice-To-Have Skills:
• 3+ years’ experience with CI/CD pipeline tools and processes like Bitbucket/GitHub, JFrog Artifactory, Ansible, Confluence, Jira, Bamboo, etc.
• Experience with deployment and managing IaaS, PaaS & SaaS solutions
• 3+ years’ experience in the financial industry or tech/startups
• Experience with AppSec tools (preferably one of these): Veracode, Checkmarx, Fortify, Snyk, Burp Suite, etc.
Soft Skills Required:
• Excellent presentation skills – as a Product Manager, you will be the spokesperson for your product to the organization at large
• Proficient at creating presentations and comfortable speaking to a large leadership audience.
• Demonstrable communication capability including verbal presentations to senior leadership
Education:
• Undergrad preferred; Work experience prioritized
• Security certifications like CISSP an asset
Best vs. Average Candidate:
• Ideal candidate is very detail oriented, analytical, organized; strong product manager who has worked in a tech company, startups; excellent presentation skills as these Product Managers are presenting to VPs and SVPs; strong agile experience; strong recent AppSec domain experience
Candidate Review & Selection:
• 1 round – in person
• 1 hour – technical interview – with HM – going through experience, potential whiteboarding session/scenario-based question shared live in interview to demonstrate candidate thought process
• Note: HM would like to see a work sample during the interview – a presentation or redacted summary of findings they have created they could share prior to interview (once selected and invited)