AARP is a nonprofit, nonpartisan organization, with a membership of nearly 38 million that helps people turn their goals and dreams into 'Real Possibilities' by changing the way America defines aging. With staffed offices in all 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands, AARP works to strengthen communities and promote the issues that matter most to families such as healthcare security, financial security and personal fulfillment. AARP also advocates for individuals in the marketplace by selecting products and services of high quality and value to carry the AARP name. As a trusted source for news and information, AARP produces the world’s largest circulation magazine, AARP The Magazine and AARP Bulletin.

Information Technology Solutions (ITS) is AARP's technology leader in positive social change and member value, enabling a more effective workforce and globally connecting employees, members, volunteers, partners and advocates to maximize engagement.

The Delivery Lead - Information Security, TVM & SecOps, Sr is a core delivery resource on the Information Security team responsible for ensuring team success by leveraging the appropriate Rapid Delivery methodology for predictable, quality delivery while maintaining a focus on continuous team improvements. This position operationalizes the capability (platform) strategy and will be expected to deliver incremental business value in an agile environment. The Delivery Lead – Information Security, Sr. must be a multi-faceted practitioner able to facilitate activities using multiple delivery methodologies, write technical documentation as needed, manage third-party development and/or consulting resources, and identify innovation opportunities for the team.

This person will work closely with other core roles on the team, including the Director(s) and Engineer(s). All team members will work closely with various stakeholders across AARP and third-party vendors or partners.

Domain Responsibilities

• Drives and coordinates vulnerability identification and remediation efforts, including scanning, penetration testing, and system hardening for all on premise and cloud technology environments
• Coordinates enhancements and integrations with Managed Services for Security Operations and Threat & Vulnerability Management
• Manages relationships with select Managed Security Services Providers
• Oversees operations for Information Security product and service management, such as anti-malware, IDS/IPS, and vulnerability scanning solutions.
• Maintains and updates runbooks for security operations
• Creates integration and validation processes to ensure required security tools are implemented on applicable devices and/or applications
• Works with the Asset Management team to provide up-to-date information on Information Security assets
• Participates in Information Security on-call rotation for 24/7 incident response, where required
• Defines operational initiatives related to Security Operations and Threat and Vulnerability Management to continuously improve its functionality by anticipating issues, providing tool direction, and sharing knowledge and best practices.
• Coordinates with Managed Security Services Providers to provide consistent support across the Information Security domain.

Delivery Responsibilities

Rapid Delivery Coach/Facilitator/Scrum Master

• Integrates Rapid Delivery (Agile or other) principles into team practices and work products.
• Coaches Capability (Platform) Manager and team on backlog refinement and prioritization.
• Facilitates and supports Scrum events as needed and remove impediments to team progress.
• Innovates with delivery practices and frameworks through experimentation to improve the team and their delivery of business and technical outcomes.
• Influences the team to improve collaboration and self-organization.
• Works with other Delivery Leads through a Community of Interest to increase the effectiveness of the application of Scrum within the organization

Business Operations Management

• Ensures the team considers enterprise standards around architecture, information security, agile delivery, quality engineering, service management and user adoption during design and implementation.
• Develops statements of work (SOWs) for any third-party vendors or contractors that adheres to procurement standards and includes outcome-based deliverables.
• Ensures the necessary technical documentation, including governance practices and standards, is created by the team.
• Responsible for work plans, budget, sprints, releases, schedules, resource allocation of all team delivery efforts.
• Coordinates reporting on the capability (platform) team progress, impediments, issues, and impacts to various stakeholders with the Capability (Platform) Manager.

Business Analysis

• Supports the creation of consistent user stories and requirements with the development team and Capability (Platform) manager.
• Verifies that implemented solutions meet defined story objectives and are of high quality.
• Verifies that deliverables from third-party vendors align to executed statements of work.
• Facilitates and participates in all testing activities, including user acceptance testing with key stakeholders.
• Leverages delivery analysis and tools to evaluate, optimize, and improve team output and delivery of business and technology outcomes.

Continuous Improvement/Operations

• Manages ongoing production operations and vendor relationships.
• Identifies issues and spearheads team problem-solving to achieve resolution.
• Drives the collection of feedback and metrics to identify areas of opportunity.
• Works with the team to continuously improve processes, operations, self-service capabilities, and automation where feasible.
• Identifies process, delivery, and governance gaps with the capability team and collaborates with the ITS Transformation team on solution development and implementation.
• Follows ITS DR Policy and Standards.
• Creates DR Plan for identified technology solution.
• Devises testing strategy and/or test plan for the technology solution.
• Provides artifacts to ITRM to validate compliance with ITS DR Policy and Standards.

Desired Education and Certifications

• Completion of a bachelor's degree preferred
• CISSP, CCSP, CISA, or equivalent experience

Work Experience

• 3+ years of Information Security experience
• Experience running application, system, and network security scans, analyzing results, and driving remediation
• Hands-on experience with vulnerability scanning tools, such as Nessus, Qualys, etc.
• Proven ability to coordinate information from disparate sources and drive to actionable results
• Experience coordinating security activities in a complex and changing environment
• Experience managing security products, such as anti-malware, scanning tools, and IDS/IPS
• Demonstrated ability to manage third party vendors
• 10+ years of IT experience and agile delivery methodologies, including Scrum, Kanban, and Lean UX
• Hands-on experience with backlog tracking and task definition
• A demonstrated ability to work within a team and build consensus towards a technical direction
• Technology delivery experience through concept, development, validation, deployment, and support
• Product evaluation through RFI/RFP including working with vendors and internal stakeholder groups
• An understanding of external cloud hosting providers including Amazon Web Services, Microsoft Azure, and Salesforce

AARP offers competitive benefits with a 401K, 100% company funded pension plan, health, dental, vision and life insurance, STD/LTD, paid vacation and sick, and other benefits.

AARP is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. AARP does not discriminate on the basis of race, ethnicity, religion, sex, color, national origin, age, sexual orientation, gender identity or expression, mental or physical disability, genetic information, veteran status, or on any other basis prohibited by applicable law.