Application Security Product Manager

Location Address:  Toronto – 2 days/week (flexible, HM is in Tues-Thurs, team comes in Tuesdays and Thursdays) – need candidates in GTA
Contract Duration: 1 year
Possibility of extension & conversion to FTE
Number of Positions: 1
Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week
Reason: Additional workload
Role: Application Security Product Manager

Typical Day in Role:
• Collaborate with stakeholders across the Bank – you will work closely with development and engineering, devops, cloud, application security and other application owner teams across the organization to deliver AppSec capabilities: SAST, DAST, MAST, SCA
• Define the objectives and scope of the product, clearly outlining the problems and risks it's solving.
Product Strategy
• Contribute to the success of our product strategy by driving stakeholder alignment, maintaining a clear RACIs and clearly articulating MVP success criteria and rollout plans
Product Management
• Build and maintain product roadmaps.
• Communicate roadmap progress with stakeholders and clients
• Manage and prioritize the product backlog, along with new features and enhancements we require from the product
• Facilitate forums and prepare the team for constructive collaboration sessions with cross-functional teams, technology and business channels, and control functions
• Define and report on overall product status, metrics, key achievements, next steps and risks with a data-driven approach

Candidate Requirements/Must Have Skills:
1) 10+ years’ relevant academic + working experience
2) 3+ years’ experience as a full-stack Product Manager in an Agile environment, with demonstrated experience in creating roadmaps, scoping, and financing
3) 3+ years’ experience with AppSec domains (at least one of these): SAST, SCA, DAST, API Security
4) 3+ years’ experience with documenting process, requirements, and product information
5) 1+ year’ experience building business cases and demonstrating value of a product and cost-benefit analysis

Nice-To-Have Skills:
1) 3+ years’ experience with CI/CD Pipeline tools and processes like BitBucket/GitHub, Jfrog Artifactory, Ansible, Confluence, Jira, Bamboo etc
2) Experience with deployment and managing IaaS, PaaS & SaaS solutions
3) 3+ years’ experience in the financial industry or tech/startups
4) Experience with AppSec (preferably one of these): tools Veracode, Checkmarx, Fortify, Snyk, Burp Suite etc.

Soft Skills Required:
• Excellent presentation skills – as a Product Manager, you will be the spokesperson for your product to the organization at large
• Proficient at creating presentations and comfortable speaking to a large leadership audience.
• Demonstrable communication capability including verbal presentations to senior leadership

Education:
Undergrad preferred; Work experience prioritized
Security certifications like CISSP an asset

Best VS. Average Candidate:
Ideal candidate is very detail oriented, analytical, organized; strong product manager who has worked in a tech company, startups; excellent presentation skills as these Product Managers are presenting to VPs and SVPs; strong agile experience; strong recent AppSec domain experience

Candidate Review & Selection
1 round – in person – 44 King West – Scotia Plaza
1 hour – technical interview – with HM – going through experience, potential whiteboarding session/scenario-based question shared live in interview to demonstrate candidate thought process

**Note: HM would like to see a work sample during the interview – a presentation or redacted summary of findings they have created they could share prior to interview (once selected and invited)

Hiring Manager’s availability to interview: Tues Jan 14th, Wed 15th, Thurs 16th interview days – please ensure candidates are available to interview one of those days in person
HM away Jan 19-Feb 3rd