Senior Manager, Product & Application Security
Yext (NYSE: YEXT) is building the next big thing in AI search, and the next big thing is answers.
With the explosion of information and data online, search has never been more important. However, while the world of consumer search has innovated over time, enterprise search has not. In fact, the majority of enterprise search is powered by outdated keyword technology that only scans for keywords and delivers a list of hyperlinks rather than actually answering questions. Yext, the AI Search Company, offers a modern, AI-powered Answers Platform that understands natural language so that when people ask questions about a business online they get direct answers – not links.
We have a big, audacious mission to transform the enterprise with AI search. To achieve that, we need bright minds and diverse perspectives to join our growing company and help us continue to disrupt an industry. Does this sound like you?
Yext is actively seeking a Senior Manager, Product and Application Security reporting into the Security Office. This role is critical to mapping our product and engineering strategy with Security disciplines and compliance requirements. This role will enable the product and engineering teams to make the right security & privacy decisions that balance and prioritize proactive defensive needs and longer-term strategic product direction. This role will also help drive the culture and awareness within Yext around Security practices and compliance initiatives.
This person will be an influencer driving product and application security initiatives related to product lifecycle, including software development lifecycle, QA processes, and DevOps management functions. This person will be expected to build this team over time, with support from the CISO and other business leaders. Ideal candidates will have a deep understanding of security fundamentals, technology, applications, managed services, industry best practices, business processes and architectural frameworks and patterns to drive product security maturity and privacy initiatives that meet Yext’s security objectives.
What You'll Do
- Set a strategic vision for evolving Yext’s product & application security posture while aligning with the overall Security Program.
- Drive strategies to play both defense and offense in protecting the product portfolio, while also leveraging our posture as a competitive advantage with our customers.
- Advise the engineering teams and other key stakeholders on best methods for designing security into the product & software development life cycle, ensuring the security and integrity of all Yext’s products.
- Partner with CISO and the other business leaders to establish annual and long-range offensive and defensive security goals, metrics, reporting mechanisms, and create maturity models and a road map for continual program improvements.
- Evangelize Security disciplines across the key constituents in the company, and help drive awareness and adopt/share industry best practices.
- Support and enable security discussions with RFP, marketing and sales teams as appropriate.
- Develop an agile product security program that mitigates risks, strengthen defenses, and reduce vulnerabilities.
- Lead a coordinated transformation of the security office to deliver solutions that are repeatable, reliable, and scalable. Be highly data informed & KPI centric in assessing, managing and mitigating security risks.
- Identify areas of priority by assessing the current information security risk environment, understanding potential threats, identifying trends, assessing system vulnerabilities, conducting regular and ongoing monitoring of organizational compliance with standards and policies, and recommend courses of action to key stakeholders.
- Build and manage a distributed Security Champion program with deep roots and engagement in the engineering organization.
- Create a collaborative environment where security is seen as an enabler to the business, rather than an impediment.
- Recruit and develop a leading offensive and defensive security staff, ensure the team is knowledgeable and cross-trained, and that opportunities are afforded to staff to develop and maintain their skills at the highest standards.
What You Have
- Bachelor’s Degree in Information Technology or related field of study or similar level college education
- 7 - 10 years of relevant work experience in infrastructure or Security Engineering including management of technical teams.
- Experience in software development, ability to guide and mentor a technical engineering team in coding and scripting best practices.
- Good understanding of modern application security frameworks and offensive security toolkits.
- Self-motivated team player that is energetic, with excellent interpersonal, organizational, and conflict-resolution skills
- Strong leadership and negotiation skills with business and technical groups.
- Experience presenting to C-level executives.
- Strong problem-solving, critical thinking and analytical skills.
- High degree of flexibility, independence, initiative, and detail orientation.
- Ability to present complex ideas in easy-to-understand language.
In today's dynamic threat environment, software firms are increasingly acknowledged as a highly-targeted industry for cyberattack due to the confidentiality and sensitivity of customer data, as well as the immediacy in which that data is needed to perform their operational duties. Given Yext’s vital role within the software ecosystem, protection of data is paramount in ensuring high-trust relationships with customers, partners and vendors.
#LI-JB1
Yext is committed to building an inclusive and diverse culture where every person is seen, heard and valued. We believe in equal employment opportunity and welcome employees and applicants of all races, colors, ethnicities, religions, creeds, national origins, ancestries, genetics, sexes, pregnancy or childbirth, sexual orientations, genders (including gender identity or nonbinary or nonconformity and/or status as a trans individual), ages, physical or mental disabilities, citizenships, marital, parental and/or familial status, past, current or prospective service in the uniformed services, or any characteristic protected under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. It is Yext’s policy to provide reasonable accommodations to people with disabilities as required by law. If you have a disability that requires an accommodation in completing this application, interviewing, or participating in the employee selection process, please complete this form.