Director, Global Product Information Security Officer (PISO)

Pearson

San Antonio, TX

Industry: Business Services


11 - 15 years

Posted 368 days ago


As a direct report to the VP, Security Architecture and Engineering, you will have the following accountabilities:

  • Own the global product security blueprint and architecture for all Pearson’s customer facing products

  • Be the change leader for global product teams to embrace DevSecOps through automation and security integration to CI/CD processes

  • Ensure all Pearson’s cloud digital platforms and products meet key security and compliance requirements

  • Strong leadership skill driven both from business and security perspectives to ensure delivery of product security solutions which are aligned to Pearson’s business needs;

  • Evangelize secure cloud platform & product requirements

  • Serve as a security leader in application development, database and microservice design, container and/or virtual machine technologies, helping project teams comply with enterprise and CISO security policies, industry regulations, and best practices

  • Coordinate incident response, investigation, and resolution of security incidents across global products

  • Provide strategic and tactical security guidance for existing and new product and service deployments across global product teams

  • Effectively consume services from CISO matrix teams providing application security services

  • Communicate the importance and promote awareness of information security, information risk, and privacy to business units, customers and partners within the global product teams;

  • Work closely with fellow CISO teams to ensure consistent value-added security services for the global products and core platforms;

  • Work collaboratively with a diverse, global, and multicultural community;

  • Maintain confidentiality of work related information and materials;

  • Establish and maintain effective working relationships throughout the company;

  • Able to present information to large and small groups, and convey messages to both technical and non-technical audiences;

  • Contributes to the development and maintenance of the information security strategy, policies and standards;

  • Embrace a culture of continuous service improvement and service excellence; and

  • Stay up to date on security industry trends.

Key Success Criteria

  • Security state of global platforms and products measured through a formalized dashboarding process

  • Extent to which security Non-Functional Requirements (NFRs) are implemented and tested for new platforms and products

  • Successful adoption of DevSecOps by product teams

  • Extent to which a risk aware culture and secure coding practices are adopted by product teams



  • 12 years in the Information Security space, with a focus on digital platform and product security

  • Minimum of 10 years of relevant experience in secure SDLC (i.e., Agile, DevOps), threat modelling, risk management, vulnerability management, incident response and security monitoring.

  • In-depth knowledge of application security tool sets used for static and dynamic testing such as Checkmarx, AppSpider

  • Extensive experience in designing and implementing product and application security controls for both cloud and on-prem

  • BA/BS degree, or equivalent experience, security qualifications and accreditation appropriate to the region.

  • In-depth understanding of application security frameworks such as OWASP

  • Strong experience in cloud provider ecosystems, including Amazon AWS, Microsoft Azure, and OpenStack.

  • Experience with a broad range of security technologies, including nextgen firewalls, DLP, NAC, IDS/IPS, IdAM, certificate management, SIEM, endpoint protection, anti-malware, vulnerability management and cloud security;

  • Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;

  • Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders

  • Some proven ability in securing the CI/CD pipeline

  • Solid working experience of continuous integration practices & tools (Jenkins, Travis CI, etc…)

  • An established history of working in agile teams


  • An industry recognized professional with proven contribution to product security

  • Knowledge of scripting JSON, Python

  • Well-rounded background in network, host, database, and application security

  • Professional security accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CCIE Security).

    Req ID: 1714973