Dollar General Corporation


Dollar General Corporation - Goodlettsville, TN

Company Overview
At Dollar General, our customer is at the center of everything we do! We are a fast-moving Fortune 200 publicly-traded company with more than 14,000 stores and 14 distribution centers in 44 states, growing by hundreds of stores each year. We work in an energetic atmosphere that embraces innovation and teamwork. At Dollar General, you can see a clear and fast path to career growth and success. We are committed to attracting talented and motivated people who can advance our mission of Serving Others. Let's Grow Together!
Job Details
Title: Information Security Sr. Manager, Application Security
Department: IT Security
Reports to: CISO
Supervises: IS Sr. Analyst, IS Analyst 
General Summary: 
Responsible for working with the information security management team to administer the Company's information security programs; maintain Sarbanes-Oxley, HIPAA, and PCI DSS compliance programs; and support a variety of security systems and applications. Recommends, designs, implements, and administers information security controls that meet dynamic tactical and strategic information security objectives.
Responsible for managing the application security team and associated program including, but not limited to: application security standards definition, publication, awareness and training, and compliance; application security testing, tracking, reporting, and escalation; application security regulatory compliance management; application security risk monitoring, analysis, and reporting; application security risk mitigation planning and coordination; and budget planning, invoice management, personnel management, financial management, vendor relationship management, etc.
Duties and Responsibilities: 

Perform static and dynamic application security testing; conduct application security risk and compliance reviews and analysis; identify, recommend, and track progress of security risk mitigation plans; and collaborate with IT and business units to drive risk mitigation plans to completion.
Manage an effective, pragmatic application security program; develop, maintain, and evangelize application security standards and procedures; manage team personnel and financial resources; ensure team members are appropriately trained and aware of performance expectations; and manage customer engagement and service delivery.
Represent the information security department through pragmatic consultation and participation in a defined SDLC, promoting application security best practices and standards.
Promote security best practices via awareness and leadership by example; monitor compliance with policies and regulatory requirements; maintain audit readiness; support internal and external auditors through effective and timely fulfillment of audit requests; and assist in the development of audit responses and action plans.

Knowledge, Skills, and Abilities: 

Strong understanding of current and emerging application security and general information security best practices, technologies, techniques, trends, threats, and countermeasures.
Strong, effective written and oral communication skills and the ability to communicate with technical and non-technical audiences across multiple levels.
Strong, hands-on experience performing static and dynamic application security tests, assessments, etc. using commercial and other tool sets, manual testing methods, etc.
Strong negotiation skills (e.g., driving internal security recommendations, external vendor action, etc.).
Strong understanding of effective, pragmatic application security controls; risk management and compliance strategies and techniques; and PCI, HIPAA, and SOX regulatory requirements.
Solid understanding of agile and waterfall development methodologies and the efficient and effective integration of application security design and testing processes.
Ability to learn and retain new skills to adapt to evolving business, technical, risk, and security needs.
Ability to work occasionally during non-standard shifts and in an on-call capacity, and to travel occasionally (up to 5%).

Work Experience and/or Education:
College degree or equivalent experience in information security with a minimum of six years of information security experience, focused on application security. Active CISSP, CISA, or CISM certification preferred.
Extensive hands-on experience in static and dynamic application security testing using a variety of manual testing methods, commercial and non-commercial tools, best-practice security frameworks (e.g., OWASP ASVS), etc.
Extensive experience holistically managing application security risk associated with architecture, design, operations, and support.
Foundational experience with host operating systems, networking principles, web application firewalls, and associated security controls; network/system vulnerability scanning tools; security information and event management (SIEM); privileged user management (PUM); and governance, risk, and compliance (GRC).

99 days 22 hours ago


INFORMATION SECURITY SENIOR MANAGER, APPLICATION SECURITY Dollar General Corporation - Goodlettsville, TN, United States


Location: Goodlettsville, TN

Company Profile:
Goodlettsville, Tenn.-based Dollar General Corporation is the nation's largest small-box discount retailer. We make shopping for everyday needs simpler and hassle-free by offering a carefully edited assortment of the most popular brands at low everyday prices in small, convenient locations. Dollar General ranks among the largest retailers of top-quality brands made by America's most-trusted manufacturers, such as Procter & Gamble, Kimberly Clark, Unilever, Kellogg's, General Mills and Nabisco.