As Manager of Application Security, you will design, implement, and oversee the Application Security program at Four Seasons, ensuring all internal applications meet the highest security standards. Reporting to the Senior Director, Global Information Security, you’ll work closely with various internal teams, providing leadership and expertise to enhance our security posture and protect against emerging threats.
What You’ll Be Doing
Application Security Program
- Develop and lead the enterprise Application Security strategy and roadmap.
- Collaborate with IT, development, and business units to ensure cohesive security practices.
- Create and implement security policies, procedures, and risk management solutions.
- Ensure compliance with industry standards such as OWASP, PCI-DSS, ISO 27001, and NIST.
- Monitor and report security metrics to senior leadership, highlighting improvements and efficiencies.
Secure Software Development Lifecycle (SDLC)
- Integrate security practices throughout the SDLC, including code reviews and secure design discussions.
- Define secure coding standards and provide guidance to development teams.
Vulnerability Management
- Manage security assessments, vulnerability testing, penetration testing, and code analysis.
- Identify and remediate application vulnerabilities proactively.
Tools and Technologies
- Evaluate and implement security tools such as WAFs, static/dynamic analysis tools, and testing frameworks.
- Ensure best practices are applied to cloud security and DevSecOps processes, including AWS, Azure, and Salesforce integration.
Training and Awareness
- Develop and deliver training programs to promote security awareness within the organization.
- Educate developers on secure coding practices and common vulnerabilities.
Incident Response and Remediation
- Collaborate with the incident response team to manage and resolve security incidents.
- Lead post-incident reviews and implement preventive measures for future events.
Who You Are
- 5+ years of experience building and managing enterprise Application Security programs.
- Strong understanding of security threats, risks, and vulnerabilities.
- Knowledge of OWASP, PCI-DSS, ISO 27001, NIST, and other security frameworks.
- Experience with cloud platforms (e.g., AWS, Azure, Salesforce) and DevSecOps practices.
- Proficiency in programming languages relevant to web applications.
- Hands-on experience with security tools and processes, such as vulnerability scanning and penetration testing.
- Familiarity with containerization and modern development practices.
- Exceptional communication skills and ability to engage both technical and non-technical stakeholders.
- Professional certifications such as CISSP, CISM, or OSCP are highly desirable.
Skills & Qualifications
- Bachelor’s degree or equivalent experience in Information Security, Computer Science, or related fields.
- Strong project management skills and ability to handle multiple priorities.
- Expertise in incident response and remediation strategies.
- Knowledge of compliance frameworks such as GDPR and CCPA is a plus.
Work Model & Location
This role follows a hybrid work model, requiring 3 days onsite at the Four Seasons Corporate Office, located at 1165 Leslie Street, Toronto, Ontario.
Why Join Us?
- Work in a global organization known for its commitment to inclusion and diversity.
- Be part of a collaborative environment that values career development.
- Competitive salary and opportunities for professional growth through training and certifications.
How to Apply
If you’re ready to join a world-renowned organization and make a meaningful impact, submit your application online.
Four Seasons is committed to providing accommodations under the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. Please notify us if you require any accommodations during the recruitment process.