Head of Application Security

The Company 

Serving the People Who Serve the People 

Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and its constituents together. We are on a mission to support our customers with meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn.  

Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers power an unmatched Subscriber Network that use our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe. 

Want to know more? See more of what we do here.  

Granicus is looking for a Head of Application Security. Granicus is the largest cloud solutions provider for government and provides technology that empowers government organizations to create better lives for the people they serve.

The Head of Application Security (AppSec) will be responsible for all practices and technologies required to drive continuous improvement of secure software development practices across the enterprise.  This role will work closely with security and technology teams to continuously evolve SDLC standards, implement necessary technologies to enable a complete secure SDLC, and work with software development as necessary to support them in improving the security posture of their code.

The Head of Application Security must be collaborative in nature, acting as a true enabler of the business and partner to technology leaders and teams, able to drive security outcomes through influence, and relentlessly focused on establishment of a security-first culture across the company.

• Accountable for definition and establishment of security components of SDLC policies and standards.
• Work with Software Engineering teams to implement necessary technologies to enable appropriate security controls (e.g., SAST, DAST)
• Develop metrics and reporting pertaining to application security, facilitate any reporting and governance forums as necessary.
• Work with software development teams to answer any questions, help interpret security testing results, and provide any other support and education to aide with continuous improvement of development practices.
• Work with external parties as necessary to conduct security testing (e.g., penetration testing)
• Accountable for integration of newly acquired companies into all application security processes.
• Act as escalation point for security incident response and investigation, as appropriate, pertaining to application development matters.
• Provide security design/solution support for new application architecture development.
• Other duties as assigned.

• 5+ years of Information Security and Information Technology experience.
• 5+ years in Software Development, including in leadership positions.
• Broad knowledge across all relevant facets of a holistic, modern application security program, including strong understanding of current and emerging trends and threats.
• Demonstrated track record of efficient, scaled delivery with small teams, directly taking on and providing deliverables.
• Strong understanding of common security and privacy frameworks and regulations (NIST 800-53, GDPR).
• Strong technical aptitude and ability to discuss complicated security/development technical concepts with engineers
• Demonstrated experience with representing security controls to external auditors and/or customers.
• Excellent executive presentation and communication skills.
• Ability to lead through influence, including at executive levels.

Don’t have all the skills/experience mentioned above? At Granicus, we are trying to build diverse, inclusive teams. We do not have degree requirements for most of our roles. If you don’t meet every requirement above but are excited to learn more, we encourage you to apply. We might just be able to find another role that could be a perfect fit! 

Security and Privacy Requirements

-     Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program.

-     Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies.

The Team

- We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.

The Culture

- At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be

a part of our journey.

- A few culture highlights include – Employee Resource Groups to encourage diverse voices

- Coffee with Mark sessions – Our employees get to interact with our CEO on very important and

sometimes difficult issues ranging from mental health to work-life balance and current affairs. 

- Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more.-=- - We bring in special guests from time to time to discuss issues that impact our employee

population 

The Impact

- We are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world. See more of our impact here.

The Benefits 

At Granicus, we offer a competitive benefits package that allows employees to tailor benefits to their needs. Benefits listed below are for employees based in the U.S.

- Flexible Time Off

- Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance

- 401(k) plan with matching contribution

- Paid Parental Leave

- Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance

- Group legal coverage 

- And more!

Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status with regard to public assistance, familial status, military or veteran status or any other status protected by applicable law.