Position summary: The Director of DevSecOps is the senior manager who is responsible for defining, leading, and facilitating the adoption of DevSecOps across the corporate information technology portfolio. The corporate portfolio entails a spectrum of production solutions from proprietary applications to on-premise COTS applications to SaaS applications, along with a combination of on-premise and cloud-based infrastructure & platform services. This role will standup the applicable DevSecOps based approaches across the portfolio to enable the realization of improved time to production and quality of solutions delivered to the corporation. This role will also define the most optimal software delivery methodologies, including various Agile approaches, to deliver technology solutions to the enterprise. The Director will work closely with Infrastructure & Operations, Service Management, Architecture, and Cyber Security counterparts to ensure a consistent, secure, and adaptable approach to enabling continuous delivery of value to the enterprise.
· Lead the DevSecOps strategy and transition of the corporate information technology organization and associated technology portfolio in the adoption of DevSecOps.
· Establish an ongoing focus and collaboration with stakeholders to ensure delivered solutions are timely and bringing increasing value to the enterprise.
· Provide oversight and guidance to the DevSecOps management team to ensure strong coordination and adoption of DevSecOps principles and practices
· Partner with the Solutions Technology Group (STG) on DevSecOps best practices, key technology initiatives, and resource sharing.
· Coordinate with the Cyber directorate to ensure a consistent and holistic application of security practices throughout the solution lifecycle.
· Coordinate with the Business Management Office to define and utilize the applicable lifecycle methodologies for the effective and efficient fulfillment of the corporate information technology portfolio.
· Establish strong partnership with the Infrastructure & Operations (I&O) and Service Management (SM) directorates to standup the necessary monitoring and analytics that facilitates the detection, understanding, and resolution of issues for the overall quality and health of deployed solutions.
· Partner with the Chief Data Officer (CDO) to ensure deployed solutions are enabling and empowering the data initiatives of the enterprise and allowing for the effective and efficient consumption of enterprise information.
· Standup the tools, processes, and disciplines for applicable Continuous Integration (CI) & Continuous Delivery (CD) across the spectrum of the solution portfolio.
· Ensure deployed solutions, including Infrastructure as Code (IaC), are consistent and aligned with the architectural and security direction of the enterprise information technology roadmap.
· Partner with the I&O and Architecture directorates on the establishment of surge and hydration strategies to leverage private and public cloud capacity to facilitate prototyping, testing and deployment needs.
· Provide guidance and direction to the quality assurance team to establish testing as a continuous activity in CI & CD to foster quality deployments
· Be the corporate leader of DevSecOps supporting the exploitation of strategic and tactical business opportunities and be a champion for an innovative, collaborative, and continuously improving culture.
· Be the primary evangelist of the benefits and potential of DevSecOps and help foster the understanding and adoption with stakeholders and team members.
· Be a thought leader on the changing direction of the technology market place and how DevSecOps can best be applied to not only internal company initiatives, but also our external customer base and related initiatives.
· Identify new opportunities for continuous improvement and automation in the corporate information technology portfolio and be a leading change champion for ongoing process improvement initiatives.
· Develop, manage and control the annual budget for the DevSecOps department.
· Establish a strong leadership culture in the DevSecOps department and foster the growth and advancement of emerging talent.
· Actively participate and lead planning initiatives to contribute to the broader development of the information technology roadmap.
· Be a strong advocate and supporter of enterprise initiatives and actively engage in collaborative activities of the corporate information technology directorates.
· Ensure the quality, reliability, and security of delivered solutions meets or exceeds defined performance and compliance measures of the enterprise.
The Director of DevSecOps has an organization consisting of business analysts, software developers, quality assurance resources, change management resources, infrastructure engineers, and cloud computing professionals. Other specialists who may include the following, either as direct reports or matrix team members:
· Program & Project Managers
· System & Database Administrators
· Cyber analysts
· Testing analysts
· Software developers
· Solution Architects
· Network engineers
· Software Configuration analysts
· Business process analysts
· Reporting and Analytics designers
A bachelor's or master's degree in computer science, information science, software engineering or related field, or equivalent work experience. Academic qualification or professional training and experience in business management and business administration is also desirable.
· Fifteen or more years of related experience delivering complex technology solutions to large corporations and user communities.
· Demonstrable experience leading one or more Fortune 1000’s enterprise information technology department’s transition and adoption of DevSecOps leveraging Agile approaches across a varied portfolio of proprietary software, commercial software, and cloud-based services, including infrastructure and platform.
· Extensive experience transitioning hybrid on-premise and cloud-based technology portfolios to a predominately cloud-based portfolio at a software services, platform, and infrastructure levels.
· Extensive experience working with major cloud-based service providers, including Amazon, Microsoft, and Oracle.
· Experience deploying Infrastructure as Code (IaC) in large enterprise, cloud-based architectures
· Experience working with regulated companies and the necessary compliance standards and controls needed for public companies managing regulated data and information systems
· Experience planning and defining technology roadmaps aligned with enterprise business strategies and objectives.
· Extensive knowledge of software frameworks, architectures, and delivery methodologies applied at an enterprise scale
· Strong understanding of defining and establishing the generation of metrics and KPI’s for measuring progress and achievement of business objectives
· Deep knowledge of cyber security standards, tools, and methodologies applied in large enterprise technology environments
· Extensive knowledge of DevSecOps enabling tool sets, including source control, code review, security scanners, CI/CD toolchains, and release orchestration solutions.
· Strong understanding of compliance regulations, including Sarbanes-Oxley and Defense Federal Acquisition Regulation Supplement (DFARS)
· Excellent business acumen and interpersonal skills, able to work across business lines at senior levels to influence and effect change to achieve common goals.
· Demonstrated leadership, proven track record of leading complex, multidisciplinary talent teams in new endeavors and delivering solutions.
· Proven data literacy — the ability to describe business use cases/outcomes, data sources and management concepts, and analytical approaches/options. The ability to translate among the languages used by executive, business, IT and stakeholders.
· Information strategy experience, experience in strategic technology planning and execution, and policy development and maintenance.
· Outstanding analytical and problem-solving abilities.
· Familiarity with business information generation and analysis methods.
· Ability to effectively drive business, culture and technology change in a dynamic and complex operating environment.
· Excellent oral and written communication skills, including the ability to explain digital concepts and technologies to business leaders, as well as business concepts to technologists; the ability to sell ideas and process internally at all levels, including the board and investors.
· Proven record of effective leadership, including the ability to balance team and individual responsibilities; building teams and consensus; getting things done through others not directly under his/her supervision; working ethically and with integrity.