This is an exciting opportunity at a Tier 1 bank, as part of a large-scale Enterprise Modernization program with a long-term outlook and great stakeholders to work with, to project manage the implementation of a DevSecOps toolchain. The role involves overseeing the deployment of critical tools to enhance security and development practices across bank applications. The Project Manager will collaborate closely with DevSecOps, Application Security, ServiceNow, and Application teams to ensure seamless integration and adherence to the bank’s modernization objectives.
Key Responsibilities:
Program Planning & Execution:
- Develop and maintain a comprehensive project plan that outlines milestones, timelines, and dependencies for the rollout of the DevSecOps toolchain.
- Define the implementation strategy and schedule, ensuring alignment with the broader bank modernization program.
- Manage program cadence with:
  - Daily: Stand-up meetings with core teams.
  - Weekly: Progress and risk reviews with DevSecOps, App Security, ServiceNow, and Application teams.
  - Monthly: Executive updates and reporting on program status, risks, and budget tracking.
- Ensure smooth execution of program phases and timely resolution of risks and issues.
Toolchain Implementation:
- Oversee the deployment and integration of key DevSecOps tools across multiple application teams, ensuring alignment with security and operational standards.
- Specific tools include:
  - Version Control: GitHub Enterprise Cloud (GHEC) for code management and collaboration.
  - Application Security: Fortify, Snyk, GitHub Advanced Security (GHAS) for static analysis, vulnerability scanning, and code security.
  - CI/CD Automation: Implement secure Continuous Integration/Continuous Delivery pipelines using Jenkins, GitHub Actions, and integration with ServiceNow for automation of workflows.
- Ensure that AppSec tools (Fortify, Snyk, GHAS) are integrated effectively within the toolchain and provide comprehensive reporting of security vulnerabilities and remediations.
- Coordinate with Application teams to ensure proper adoption of the new toolchain.
Collaboration & Stakeholder Management:
- Work closely with DevSecOps, App Security, and Application teams to ensure that security practices are embedded within development processes.
- Collaborate with the ServiceNow team to ensure seamless integration of workflows, including change management, incident management, and automation.
- Facilitate regular communication with internal stakeholders, including IT security, risk, and compliance, ensuring that all security policies are followed.
Program Cadence & Governance:
- Establish a structured cadence for program delivery and ensure alignment with modernization goals.
- Organize and lead regular stakeholder meetings to track program progress and address risks and issues.
- Ensure governance processes are followed, including adherence to the bank’s risk and compliance frameworks.
- Report program status to senior leadership, focusing on key KPIs, such as tool adoption rate, security vulnerability resolution, application onboarding progress, and budget vs. actuals.
- Ensure risk management frameworks are in place and adhered to, with continuous monitoring of security and operational risks.
Budget & Resource Management:
- Oversee program budgeting, tracking expenditures, and ensuring that the program remains within the allocated budget.
- Manage and coordinate cross-functional resources, including external vendors, consultants, and internal teams, ensuring all resources are aligned with the program's objectives.
Key Qualifications:
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- 5+ years of experience in project management, specifically in DevOps/DevSecOps or IT transformation projects within the financial services sector.
- Strong familiarity with DevSecOps toolchains and technologies, including GitHub Enterprise Cloud (GHEC), Fortify, Snyk, and GitHub Advanced Security (GHAS).
- Proven experience leading large-scale technology implementations across multiple applications.
- Experience working with CI/CD pipelines and toolchains, with strong knowledge of security integration.
- Strong understanding of Application Security principles and how they integrate with development practices.
- Experience with ServiceNow for workflow automation and reporting.
- Excellent communication, leadership, and stakeholder management skills.
- PMP or equivalent project management certification is preferred.
Competencies:
- Strong organizational and multitasking skills.
- Ability to work in a fast-paced, high-pressure environment with tight deadlines.
- Adept at managing complex, cross-functional projects involving multiple stakeholders.
- Proven track record of delivering results in DevSecOps and security toolchain implementations.
Program Reporting:
- Weekly status reports, tracking tool adoption, application onboarding, security scan results, and budget utilization.
- Monthly executive reports with insights into project risks, mitigation strategies, and progress toward modernization goals.