Principal, Product Security & Program Management
Concord is seeking a Principal, Product Security & Program Management with software development and healthcare IT experience. Reporting to the CISO, this role will serve as Concord’s:
1) Product Security SME, responsible for the direction and delivery of product security services: enabling the business to improve the security of applications being developed at Concord, helping teams understand the principles of secure coding, and helping them investigate and address security findings in their applications; and
2) Security Program Manager, overseeing high-priority security projects and initiatives by collaborating with cross-functional teams to ensure Concord’s security standards and objectives are met.
This role requires strong communication and project management skills, as well as in-depth expertise in security controls and DevSecOps principles. It will require deep technical discussions with our international development teams to understand controls and processes, deliver effective security solutions, and enhance the organization's security posture.
Essential Functions:
Product Security
- Engage with product management to ensure product security strategy is understood, agreed upon, and implemented across all Concord product development environments
- Work with senior engineering leadership to provide effective strategies for Application Security, including static scanning (SAST), dynamic scanning (DAST), Software Composition Analysis (SCA), and Penetration Testing
- Collaborate directly with software engineering leaders to integrate security into the product development lifecycle and provide strategic guidance for Secure SDLC and product delivery, including:
  - Security design and architecture
  - Secure coding standards
  - Security testing and remediation
- Perform application threat modeling and Failure Mode & Effects Analysis (FMEA)
  - DevOps and DevSecOps integration (CI/CD) security
  - Automated product security testing
  - Container security testing
Security Program Management
- Develop, implement, and maintain process and framework for managing security projects and initiatives across cross-functional teams, to streamline security efforts, drive timely delivery of security solutions, and enhance accountability and visibility of workstreams
- Enforce security controls across all ongoing security projects with cross-functional teams to ensure adherence to Concord’s security standards
- Routinely deliver project status reports of security projects and initiatives to senior leadership
- Keep abreast of emerging threats, vulnerabilities, and security trends, and recommend proactive measures to enhance the organization's security posture
Position Qualifications:
- Bachelor's degree in Computer Science, Information Technology/Security, or related field (such as Business or Project Management)
- 8+ years of direct experience in application security, including leadership experience designing, implementing, and managing security programs for cloud-based platforms at software development companies
- 5+ years of experience in Healthcare IT Project and Program Management
- Working knowledge of industry cybersecurity standards and regulatory requirements such as OWASP, HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS
- Deep technical expertise across multiple technical domains, including cloud computing (AWS or Azure environments), network security, and identity and access management
- Experience with modern delivery methodologies, including Agile, DevSecOps and automated CI/CD workflows
- Experience working with Generative AI, especially securing AI workloads
- Experience in both designing and securing solutions in a regulated enterprise environment
- Experience leading teams focused on Application Security, including application scanning, manual pen testing, threat modeling, offensive security, and software security architecture
- Experience managing complex cybersecurity projects and initiatives, from planning and execution to monitoring and reporting
- Knowledge of multiple project management methodologies with hands-on experience in Agile environments
- Relevant certifications such as CISSP, CISM, PMP or equivalent certifications are highly desirable
- Strong analytical and problem-solving abilities, with a proactive approach to identifying and addressing security risks and issues
The compensation range for this role is $170,000 - $190,000 (plus bonus). The range may vary depending on experience.
Additional employee benefits at Concord Technologies:
- 401K plan with 6% company match (vests immediately)
- Flex-Time off + sick time
- 10 company holidays
- Full suite of health benefits (Medical, Dental, Vision); employee-only coverage is covered at 100% (no employee cost). For employees + dependents, Concord covers 60% of premiums.
- Voluntary insurance options:
  - Pet insurance
  - Employee Life and AD&D
  - Spousal Life and AD&D
  - Child Life and AD&D
- Paid Parental Leave program
- Free unlimited ORCA card (Seattle area residents)
- Employee Rewards and Recognition through NectarHR
- Unlimited access to Udemy for Business
About Concord Technologies:
Concord Technologies is a provider of secure document exchange, intelligent document automation, and workflow solutions to healthcare providers, payers, and other highly regulated businesses. Concord’s suite of solutions has been providing swift and secure document transmission for more than two decades, transmitting 3 billion pages a year while supporting more than 1,500 organizations every day. The company is also recognized for its best-in-class development of new artificial intelligence technologies and industry-leading applications that help its customers grow and manage their business. Concord’s superior service and forward thinking have been rewarded with a client retention rate of more than 98% year over year.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.