Director of Product Security

Hybrid
Sorry, this job was removed at 11:04 a.m. (CST) on Wednesday, March 2, 2022

ABOUT THE TEAM
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
ABOUT THE ROLE
The Director of Product Security is responsible for the Product Security Program for all of Morningstar's products globally and is key in promoting a security-by-design culture across the organization.
As part of this, the Director of Product Security fosters a security culture, sets global Product Security standards and processes for all product teams, implements appropriate security controls and tools, and continuously improves the overall program. This role works closely with the Technology Heads of all business units, senior management, and central infrastructure teams.
Morningstar is making significant use of AWS and other cloud providers for its products and the Director of Product Security will contribute to the next evolution of Morningstar's Security Program as products are shifting towards a DevSecOps mentality.
The position reports directly to the CISO and is based in our Chicago office with flexible work arrangements.
Job Responsibilities

  • Lead and improve Morningstar's global product security program including a team of Application Security Architects and Application Security Analysts.
  • Partner with the business and product teams to align on product security needs.
  • Define application security standards and processes for all of Morningstar products.
  • Improve security standards, processes, and tooling to support Morningstar's cloud migration and "shift left" of security within the development lifecycle.
  • Collaborate with development teams and security champions across the organization to architect secure products
  • Lead the creation of secure reference architectures and patterns for all product teams to leverage
  • Develop, maintain, and communicate future and current security architecture strategies and models
  • Conduct risk assessments, threat modeling and high-level information security reviews on Morningstar systems, applications, and platforms
  • Work directly with internal business units to communicate risk, provide security remediation advice, and deliver training as needed.
  • Guide the creation and maintenance of secure coding guidelines and training programs to assist internal development personnel
  • Provide product security expertise to support the incident response process.
  • Work with your direct reports and provide development opportunities and insightful coaching.


Qualifications

  • A bachelor's degree and 7+ years' experience in a development or software security / penetration testing / security consulting role, or equivalent experience
  • Ability to create and execute the strategic direction for the application security program
  • Ability to understand business requirements and architect security solutions accordingly
  • Excellent communication skills with the ability to translate complex technical topics to non-technical audiences in an effective manner
  • A strong understanding of software development, architecture, and application security
  • A strong understanding of application security best practices and how to build secure software
  • Experience architecting and deploying applications securely in cloud environments, ideally AWS; or experience performing cloud security reviews.
  • Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred
  • Exposure to Agile and DevOps/DevSecOps processes
  • Expert knowledge of application security vulnerabilities
  • Experience developing and refining Secure SDLC processes
  • Effective teamwork and leadership skills


Nice to have

  • Experience with DAST, SAST, SCA, and similar tools
  • Experience leading application/information security initiatives, or similar experience.
  • Exposure to global teams working in different time zones.


001_MstarInc Morningstar Inc. Legal Entity


Technology we use

  • Engineering
    • Languages: C#, C++, Java, JavaScript, Python, Ruby, Scala, SQL
    • Libraries: D3JS, React
    • Frameworks: ASP.NET, Backbone.js, Ember.js, Express, Flask, Node.js, Play, Spring
    • Databases: MariaDB, Memcached, Microsoft SQL Server, MySQL, PostgreSQL

Location

22 W. Washington, Chicago, IL 60602

An Insider's view of Morningstar

What does your typical day look like?

Every day is a little different. Our team is focused on POCs (Proofs of Concept). My work involves problem-solving, development and software design. I work on the Data Collections team; currently most of this involves, at a high level, automating the process currently used to collect data from raw sources through Machine Learning.

Upasna

Software Engineer, Data Collections - AI R&D

How does the company support your career growth?

We believe in promoting from within, based on previous impact to the team. Whenever possible, we will stretch our employees to take on expanded roles that align with the career progression they are interested in.

Jeff

Head of Technology and Product

What are Morningstar Perks + Benefits

Morningstar Benefits Overview

At Morningstar, your contributions have meaning and can drive change. Across our 27 offices worldwide, we’ve invested in fostering a community where talented, driven people can grow. Our entrepreneurial spirit and uncompromising ethics guide everything we do. It’s all in the name of empowering investors. Morningstar is proud to offer a comprehensive benefits package to eligible, full-time employees in the United States who work a minimum of 30 hours per week. Our benefits are designed to invest in your and your family's well-being, including investments in your health and financial future.

Culture
Volunteer in local community
Morningstar encourages our colleagues to become involved in their communities, by providing paid time off for volunteer activities.
Partners with nonprofits
Open door policy
OKR operational model
Team based strategic planning
Open office floor plan
Flexible work schedule
Morningstar provides employees with a flexible work schedule that includes Summer hours, Work from home, Flexible start and end times.
Remote work program
The safety of our employees is very important to us. We have been operating remotely due to COVID-19.
Diversity
Dedicated diversity and inclusion staff
Mandated unconscious bias training
Morningstar encourages unconscious bias training for all employees, especially managers and hiring personnel. We believe that by raising awareness of bias we can decrease its effects.
Diversity manifesto
Diversity employee resource groups
Hiring practices that promote diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Morningstar offers two Flexible Spending Accounts (FSA): one for healthcare expenses and one for dependent care expenses. You may enroll in both and determine the contribution amount.
Disability insurance
Dental insurance
Our dental plan covers 100% of preventive services, 80% of basic services, and 50% of major services.
Vision insurance
With Morningstar's vision benefits you can get an annual eye exam with an in-network provider with just a $10 copay.
Health insurance
Morningstar continues to offer the choice of two medical plans—the Savings Plan and the Classic Plan. Both are administered by Blue Cross and Blue Shield of Illinois (BCBS).
Life insurance
Morningstar offers 4 tiers of life insurance that offer varying benefits. Basic Life insurance is equal to 1 times an employee's annual salary.
Wellness programs
Mental health benefits
Our insurance covers 80% of in-network mental health services. Our Employee Assistance Program provides no-cost, confidential, 24-hour counseling on a wide variety of issues.
Financial & Retirement
401(K)
Take advantage of a number of Morningstar tools to help you manage your 401(k) account and your finances, including Morningstar Retirement Manager, available to you at no cost.
401(K) matching
Morningstar provides employees with a 401(k) matching plan managed. We match $0.75 for every dollar contributed, up to a maximum of 7% of employee pay contributed to the plan each pay period.
Company equity
Morningstar’s global employee equity benefit, Shared Ownership, enables you to take a portion of your bonus payout and exchange it for RSUs, with Morningstar providing an additional 50% match.
Employee stock purchase plan
Colleagues who exceed their performance goals substantially may be eligible for Impact RSU Awards as an additional reward on top of their cash bonus/commission award.
Performance bonus
Charitable contribution matching
Morningstar's Matching Gifts program will match your charitable giving up to the local currency equivalent of $500 USD per calendar year.
Child Care & Parental Leave Benefits
Childcare benefits
Morningstar offers the option of in-home child and elder care, in addition to the existing day care center back-up care benefit.
Generous parental leave
Morningstar has a global minimum of 6 weeks paid time-off to bond with new family members. This benefit applies to all individuals equally, including birth mothers, fathers, adoptive parents.
Family medical leave
Eligible employees may take up to 12 weeks of job-protected, unpaid leave per year for certain specified reasons, and up to a total of 26 workweeks of leave to care for a family member.
Adoption Assistance
We reimburse up to 80% for eligible adoption expenses, up to $4,000 per adoption, in addition to a minimum of 6 weeks paid time off.
Return-to-work program post parental leave
Company sponsored family events
Morningstar sponsors family-oriented events annually.
Vacation & Time Off Benefits
Unlimited vacation policy
Generous PTO
Paid volunteer time
Our employees receive 2 days per year of paid volunteer time.
Sabbatical
Paid holidays
Paid sick days
Office Perks
Commuter benefits
Company-sponsored outings
Some meals provided
Company-sponsored happy hours
Onsite office parking
Recreational clubs
Fitness stipend
Professional Development Benefits
Job training & conferences
Tuition reimbursement
Lunch and learns
Promote from within
Mentorship program
Continuing education stipend
Continuing education available during work hours
Online course subscriptions available
Customized development tracks
Paid industry certifications

Additional Perks + Benefits

Compensation at Morningstar is more than a salary. It’s about making positive contributions to both life and work. We give our diverse workforce the choice and flexibility they need to maintain their health, retirement plans, time, and professional growth.
