Functional Lead - Product Security

The Functional Lead - Product Security will be the security owner assigned to products at SHI and responsible for assessing, mapping, and improving upon the implementation of security standards into practices and products across all of SHI.  The candidate will lead the coordination amongst multiple teams to ensure security best practices and efficiencies are in place and regularly gained.  The ideal candidate we are seeking will be a self-starter with a strong understanding of information security best practices, frameworks, and processes, along with excellent technical writing skills.

This position is required to report to the SHI Somerset, NJ office location as determined by SHI management. 

Since 1989, SHI International Corp. has helped organizations change the world through technology. We’ve grown every year since, and today we’re proud to be a $14 billion global provider of IT solutions and services.

Over 17,000 organizations worldwide rely on SHI’s concierge approach to help them solve what’s next. But the heartbeat of SHI is our employees – all 6,000 of them. If you join our team, you’ll enjoy:

• Our commitment to diversity, as the largest minority- and woman-owned enterprise in the U.S.
• Continuous professional growth and leadership opportunities.
• Health, wellness, and financial benefits to offer peace of mind to you and your family.
• World-class facilities and the technology you need to thrive – in our offices or yours. 

Includes but not limited to:

• Build and maintain a qualification practice to own and qualify the security of products and practices by ensuring they meet the organization's security requirements and standards. 

• Map and build security requirements and guidelines into new and existing practices, collaborate with cross-functional teams by representing the security practice to ensure security and expected governance is integrated into all stages of the organization's products and practices. 

• Capture Cyber risks identified within SHI products by using standard frameworks and security expertise. 

• Maintain an inventory and produce regular reports specific to Cyber risks. 

• Ensure alignment with company objectives, industry standards and best practices. 

• Work closely with the security practice to consistently learn and apply the latest practices into assigned tasks and projects. 

• Provide guidance to colleagues on security-related best practices and requirements. 

• Stay up-to-date with the latest security trends, technologies, and best practices. 

• Bachelor's degree in Computer Science, Information Technology, or a related field preferred. 

• 7+ years of information security experience within a mid to large sized company 

• Relevant certifications such as CISSP, CISM, CISA, GIAC, OSCP, IAM, ITIL, or equivalent is a plus. 

• Knowledge and experience with security frameworks and best practices such as NIST, ISO 27001, CSA, Zero Trust, Mitre, etc. 

• Experience or qualified understanding with standard infrastructure security practices for core services such as Active Directory, DNS, etc. 

• Understanding of threat modeling and how to use this skill to identify weaknesses in an assortment of IT products and services such as applications, network designs, etc. 

• Knowledgeable and capable of discussing best practices associated with identity, data protection, device security, network security and monitoring. 

• Technical writing skills, with experience creating and maintaining security documentation. 

• Understanding of security tools and technologies such as SIEM, MDR, XDR, SOAR, endpoint security, network security, and vulnerability management. 

• Strong analytical and problem-solving skills. 

• Excellent communication and interpersonal skills. 

• Ability to work independently and as part of a team. 

• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team

Preferred Skills/Qualifications

• Knowledge and experience with cloud security best practices.  Framework knowledge is a plus. 

• Experience with AI, SaaS applications and cloud platforms such as AWS, Azure, GCP, etc.   

• Experience working alongside or within a security architecture practice. 

• Familiarity with secure development life cycle (SDLC) and application security. 

• Experience or qualified understanding of security operations practices. 

• The estimated annual pay range for this position is $140,000 - $185,000. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual.
• Equal Employment Opportunity – M/F/Disability/Protected Veteran Status.