DevSecOps Manager - IT Manager I

Job Description

Blue Cross Blue Shield of Michigan (BCBSM) has an exciting DevSecOps Manager (IT Manager I) opportunity available in within our IT-Cloud and Delivery Services area!

About the Role

The DevSecOps Manager (IT Manager I) will have DevSecOps and Release Management focus.Primary responsibility is to drive DevSecOps practices at the Enterprise level and improve adoption across various IT domains and business segments.Additionally, for overseeing and leading the integration of security practices into the software development and IT operations processes. Will work collaboratively with development teams, IT operations, and security teams to ensure that applications and infrastructure are developed, deployed, and maintained securely.

This DevSecOps Manager opportunity will involve:

• Strategic Planning: Develop and implement a DevSecOps strategy and roadmap that aligns with the organization's goals and objectives.
• Security Integration: Integrate security practices into the software development lifecycle (SDLC) and ensure security is part of the continuous integration and continuous delivery (CI/CD) pipeline.
• Tooling and Automation: Identify, implement, and manage tools and technologies that facilitate automation of security checks and testing within the development process. This involves building pipelines working with the Engineering, QA and deployment teams.
• Security Testing: Coordinate and oversee security testing activities such as static code analysis, dynamic application security testing (DAST), and penetration testing.
• Compliance: Ensure compliance with industry standards and regulations (e.g., SOC, HIPAA, MAR ) and lead efforts to pass security audits and assessments.
• Incident Response: Develop and maintain an incident response plan, and coordinate security incident response efforts when necessary.
• Release Management: Provide direct and indirect support to Release Management teams, supporting cloud-based environments.
• Training and Awareness: Provide training and awareness programs for development and operations teams to increase their security knowledge and awareness.
• Collaboration: Foster collaboration between development, operations, and security teams to facilitate the sharing of security best practices and knowledge.
• Risk Management: Assess and manage security risks associated with the development and deployment of software applications and infrastructure.
• Monitoring and Alerting: Implement security monitoring and alerting solutions to detect and respond to security threats and vulnerabilities.
• Documentation: Maintain documentation related to security policies, procedures, and guidelines.

Additional aspects/functions of this role may include:

• Plan, organize, direct and control, and lead assigned functional area and ensure its alignment with business objectives.
• Operate within broad objectives to ensure optimum utilization of capital, staffing and equipment.
• Oversee the development of corporate standards, technology architecture, technology evaluation and transfer.

"Qualifications"

EDUCATION AND/OR EXPERIENCE

• Bachelor's degree in related field required.
• Seven (7) years of relevant IT and business/industry work experience required.
• Experience in supervising and building relationships with people at all levels required.

DEPARTMENTAL PREFERENCES (Skills/Experience) Include:

• Previous experience in software development and IT operations, with a strong understanding of security concepts and practices.
• Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
• Experience with enterprise-scale release management procedures and best practices.
• Proficiency in scripting and automation languages (e.g., Python, PowerShell) and familiarity with CI/CD tools (e.g., Jenkins, GitLab CI/CD).
• Knowledge of security technologies and tools such as intrusion detection systems, vulnerability scanners, and security information and event management (SIEM) systems.
• Strong communication and leadership skills, with the ability to collaborate effectively with cross-functional teams.
• Problem-solving skills and the ability to make decisions under pressure.
• Knowledge of DevOps and agile methodologies.
• Up-to-date knowledge of emerging security threats and trends.
• Strong project management skills to effectively lead DevSecOps initiatives.

All qualified applicants will receive consideration for employment without regard to, among other grounds, race, color, religion, sex, national origin, sexual orientation, age, gender identity, protected veteran status or status as an individual with a disability.