Sherwin-Williams · 10 hours ago
Oracle Fusion Security and Controls Lead
Sherwin-Williams is a company dedicated to inspiring and improving the world through innovative solutions. They are seeking a Lead Product Application Security Engineer to oversee the design and integration of a comprehensive security framework for their applications and systems, ensuring adherence to best practices and compliance requirements.
Chemical · Manufacturing · Sales
Responsibilities
Oversee comprehensive security assessments for company products, including vulnerability and risk assessments, penetration testing, threat analysis, and secure code reviews to address potential design and implementation vulnerabilities
Drive the development of innovative security features for products, including systems, applications, and/or solutions, ensuring alignment with industry best practices and organizational goals
Manage the integration of new security features and updates into existing products, ensuring seamless integration
Lead efforts to ensure the security of all products is maintained throughout the product lifecycle and mentor junior team members to drive excellence in security maintenance
Ensure code security and standards are consistently enforced and in accordance with organizational policies, and monitor how quickly deviations are resolved
Set a high standard for the team's recommendations to ensure that integration and testing issues are resolved completely and accurately
Supervise the development of a standardized set of security product requirements, and oversee the production of metrics to report performance against those requirements, providing strategic guidance to deliver best results
Guide the entire process of reviewing and defining security diagnostics and tools, providing strategic direction and ensuring proper implementation across teams
Manage and guide team as they detect and mitigate security risks, and share expertise with the team to enhance overall response capabilities
Serve as the senior contact for customers regarding product security-related issues, applying expert communication skills and security knowledge to address complex concerns
Lead the development and maintenance of a comprehensive application risk register, applying extensive experience in risk management and documentation
Contribute to the development and maintenance of a disaster recovery plan, driving business continuity efforts in the product security field and ensuring organizational readiness
Facilitate security architecture and design review meetings, sharing expertise and driving the decision-making processes
Qualification
Required
Must be at least 18 years of age
Must be legally authorized to work in the country of employment without needing sponsorship for employment work visa status now or in the future
Bachelor's degree or higher in Information Technology (e.g. Computer Science, Technology Management, Software Engineering, Application Development, Web Development and Design, etc.), or in lieu of a degree, at least 9 years of experience in application security, information security, software development
6-8 years of experience in security engineering, or application security
Excellent with security technologies and standards including OWASP, SANS, and NIST
Extensive knowledge of secure coding practices in various languages and environments (i.e., Java, .NET)
Proven track record with security testing tools such as Fortify, IBM AppScan, or HP WebInspect and techniques such as SAST, DAST, and Penetration Testing
Expertise in security architecture and design principles
Excellent analytical, problem-solving and communication skills
Proven experience with leading a collaborative team
Preferred
CISSP, CSSLP or other relevant security certification preferred
Coordinates and compiles the list of Oracle Fusion Cloud Roles, Data Access Sets and Assignments by working closely with Oracle Cloud IT Functional team
Coordinates with GPC team to facilitate SOD (segregation of duties) (SOX compliance) review for Oracle Cloud Roles assignment for both Business and IT teams
Coordinates with GPC/Security team to identify SOX compliance requirements for any other boundary applications in BIOS scope
Coordinates with Identity and Access Management team to integrate IDN with Oracle Cloud and any other needed boundary applications
Coordinates with Internal Audit team and BIOS Testing Lead to ensure that all identified controls are mapped to Test Scenarios for SIT/UAT. Also ensures that appropriate evidence is captured during testing to satisfy Audit control requirements
Act as a primary contact point from BIOS team for Cyber Security, Identity & Access Management, GPC (Global Privacy) and Internal Audit Teams to clarify any project/initiative related questions and also to help with Jira/Zephyr Scale training or assistance
Benefits
Life … with rewards, benefits and the flexibility to enhance your health and well-being
Career … with opportunities to learn, develop new skills and grow your contribution
Connection … with an inclusive team and commitment to our own and broader communities
From retirement to health care, from total well-being to your daily commute—it matters to us.
A general description of benefits offered can be found at http://www.myswbenefits.com/.
Company
Sherwin-Williams
Sherwin-Williams Company engages in the development, manufacture, distribution, and sale of paints, coatings, and related products.
Funding
Current Stage: Public Company
Total Funding: unknown
IPO: 1964-02-11
Company data provided by crunchbase