About Four Seasons
Four Seasons is powered by our people. We are a collective of individuals who crave to become better, to push ourselves to new heights and to treat each other as we wish to be treated in return. Our team members around the world create amazing experiences for our guests, residents, and partners through a commitment to luxury with genuine heart. We know that the best way to enable our people to deliver these exceptional guest experiences is through a world-class employee experience and company culture.
At Four Seasons, we believe in recognizing a familiar face, welcoming a new one and treating everyone we meet the way we would want to be treated ourselves. Whether you work with us, stay with us, live with us or discover with us, we believe our purpose is to create impressions that will stay with you for a lifetime. It comes from our belief that life is richer when we truly connect to the people and the world around us.
About the location:
Four Seasons Hotels and Resorts is a global, luxury hotel management company. We manage over 120 hotels and resorts and 50 private residences in 47 countries around the world and growing. Central to Four Seasons employee experience and social impact programming is the company’s commitment to supporting cancer research, and the advancement of diversity, inclusion, equality and belonging at Four Seasons corporate offices and properties worldwide. At Four Seasons, we are powered by people and our culture enables everything we do.
The Manager, Application Security is responsible for establishing and enforcing security standards and best practices within Four Seasons development and application portfolio. They conduct regular security assessments, identify vulnerabilities, and work with development teams to remediate them. They will also keep up-to-date with the latest security threats, trends, and countermeasures to ensure that the organization's applications are always protected.
This role is based in Four Seasons Hotels and Resorts, Toronto Corporate Office, reporting to the Senior Director, Global Information Security. This role involves interactions with primarily internal stakeholders at various levels.
Application Security
What You’ll Be Doing
- Develop and lead the strategy and roadmap of an enterprise Application Security program.
- Effectively collaborate with different internal teams to ensure a comprehensive and cohesive Application Security program.
- Develop and implement policies and procedures related to Application Security.
- Identify and implement enterprise solutions to address risks.
- Establish appropriate relationships and procedures with IT and business units within Four Seasons, and define roles and responsibilities for Application Security.
- Oversee the execution of security risk assessments, vulnerability testing, and code reviews.
- Manage and monitor compliance with related Application Security policies and standards.
- Prepare metrics and reporting for senior leadership to show efficiencies delivered within the Application Security program.
- Stay up to date with the latest security trends, technologies, and best practices. This includes pursuing relevant certifications, attending industry events, and networking with other professionals in the field.
Leadership And Strategy
- Develop and execute a comprehensive application security strategy aligned with business objectives.
- Provide guidance and direction to the application security team, fostering a culture of security awareness and accountability.
Secure Software Development Lifecycle (SDLC)
- Collaborate with software development teams to integrate security practices throughout the SDLC.
- Define and enforce secure coding standards, conduct code reviews, and facilitate secure architecture and design discussions.
Vulnerability Assessment And Management
- Implement and manage processes for identifying, assessing, and remediating application vulnerabilities.
- Conduct regular security assessments, penetration testing, and code analysis to proactively identify and address security weaknesses.
Security Tools And Technologies
- Evaluate, implement, and manage application security tools and technologies to enhance the security posture of software applications. This may include web application firewalls (WAFs), static and dynamic analysis tools, and security testing frameworks.
Security Training And Awareness
- Develop and deliver training programs to promote security awareness among development teams.
- Educate developers on secure coding practices, common vulnerabilities, and the importance of adhering to secure coding guidelines.
Incident Response And Remediation
- Collaborate with incident response teams to investigate and respond to application security incidents.
- Lead the remediation efforts and implement measures to prevent similar incidents in the future.
Compliance And Standards
- Ensure compliance with relevant industry standards, regulations, and frameworks (e.g., OWASP, PCI-DSS).
- Stay abreast of emerging threats and security trends to continuously enhance the application security program.
Who You Are
- Demonstrated ability to lead a team of technical experts and run large-scale Application Security projects.
- A comprehensive understanding of cybersecurity principles, concepts, and technologies. This includes knowledge of common threats, vulnerabilities, and attack vectors.
- Design and execute application security testing strategies.
- Strong familiarity with cloud platforms and providers, such as AWS, Azure, and Salesforce.
- Evaluate, design, and support the build and implementation of security solutions for mobile and web applications.
- Experience developing and delivering application security training and awareness programs for development teams.
- Proficiency in programming languages commonly used in web application development.
- Familiarity with a variety of information security and governance concepts, practices, and procedures.
- Experience with cloud security, containerization, and DevSecOps practices.
- Strong knowledge of incident response processes and procedures.
- Ability to clearly communicate with technical and non-technical stakeholders is essential.
- Thorough understanding of regulatory and compliance requirements, such as PCI-DSS, GDPR, CCPA, etc.
- Understanding of information security principles, including confidentiality, integrity, and availability, and familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework.
What You Bring
- 5+ years of experience in building and managing an enterprise Application Security program.
- Bachelor’s degree or equivalent business qualifications.
- Extensive knowledge of security industry standards and best practices such as OWASP, ISO 27001, NIST, and PCI standards.
- Strong understanding of security risks, threats, and vulnerabilities and the judgment to assess and articulate risk effectively.
- Ability to work collaboratively with internal stakeholders across the organization.
- Excellent communication skills, both verbal and written.
- Strong analytical skills and attention to detail.
- Strong understanding of network, application, and other technical security controls.
- Ability to manage multiple projects and priorities simultaneously.
- Professional certification such as CISSP, CISM, or OSCP is a plus.
- Information Security Certification or Accreditation an asset.
This role will be a hybrid working model, which will require 3 days per week in the Four Seasons Corporate Office located at 1165 Leslie Street, Toronto, Ontario.
Four Seasons is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If contacted for an employment opportunity, please advise Human Resources if you require accommodation.