Sr Director, Secure Development Lifecycle – F&R, Thomson Reuters, Nottingham UK

  • Full Time
  • Nottingham
  • Location: Nottingham
  • Title: Sr Director, Secure Development Lifecycle - F&R
  • Salary: Competitive

Website Thomson Reuters

Thomson Reuters provides professionals with the intelligence, technology and human expertise they need to find trusted answers. We enable professionals in the financial and risk, legal, tax and accounting, and media markets to make the decisions that matter most, all powered by the world's most trusted news organization

This role sits within our Financial & Risk (“F&R”) business.  On January 30, 2018, Thomson Reuters announced that it signed a definitive agreement to enter into a strategic partnership with private equity funds managed by Blackstone related to the company’s F&R business. As part of the transaction, Thomson Reuters has agreed to sell a 55% majority stake in Financial & Risk and will retain a 45% interest in the business.  Thomson Reuters will maintain full ownership of its Legal, Tax & Accounting and the Reuters News businesses. The transaction is expected to close in the second half of the year and is subject to specified regulatory approvals and customary closing conditions. When the transaction closes, this role will be included in the new F&R entity.  Further information on this can be found at

Financial & Risk is looking for a few highly skilled cyber security specialists to help staff a new location in the central business district of downtown Nottingham, UK. This new facility will be home to a number of critical cyber security disciplines, designed to improve the overall security posture of F&R– including its assets, data and operations. Be part of an exciting, fast-paced environment that will help F&R strengthen its position.

F&R’s Information Security & Risk Management (ISRM) team is looking for a strategic, innovative change agent to drive security design principles and requirements into secure development. In this role, you will collaborate with technology peers and dedicated business unit software & product developers to implement security into disparate solutions. This role will be responsible for baking security policy, best practices and guidance across our software development processes.

The ideal candidate will possess the right demeanor, skillset and experience to understand and explain strategic security issues to audiences of mixed technical abilities. A passion and solid understanding of software development, cloud technologies, open-source, and developing the latest technologies in a dynamic agile environment. Able to deal with innovative ideas and solutions, while remaining grounded in solid security practices.

Essential Responsibilities:

Significant hands on software engineering experience
Successful track record of delivering quality results in complex cross-functional projects
Experience with large-scale distributed systems and client-server architectures
Experience leading a complex distributed systems project
Experience with automation, monitoring
Experience with Cloud Computing platforms (e.g. Amazon AWS, Microsoft Azure, OpenStack, Google Compute or App Engine, Hadoop, etc.)
Solid understanding of the Software as a Service (SaaS) model
Java and object oriented development experience
Python, Ruby or other scripting language experience


Bachelor’s degree in an IT discipline
Extensive hands-on experience in software engineeringFully competent in most of the programming languages, software engineering methodologies, and software development tools our team uses:Java, Groovy, jUnit, Spock, SQL, Elasticsearch
Angular2, ngrx, HTML5, JSON
AWS, UNIX/Shell, Jenkins, Gradle
IntelliJ, GIT, TFS
Aspose, JxBrowser
Proven experience within banking or a significantly financially-regulated organisation
Extensive experience of application/product security experience in a large enterprise.Demonstrated and hands-on experience in the following areas:Source code auditing, penetration testing, product assessments, vulnerability research, and reverse engineering
Strong understanding of the software development lifecycle (SDLC).
Willing to travel internationally up to 20%.
Familiarity with common software flaws that lead to exploits, and experience with techniques for securing embedded systems (e.g. ASLR).
Strong experience in conducting static analysis (SAST), dynamic analysis (DAST), security technical implementation guide (STIG), and fuzz testing (FUZZY) and vulnerability scans
Experience with various security tools and products (Fortify, Burp Suite, HP Webinspect, Checkmarx, Nessus, IBM AppScan, etc.)
Experience with common security scoring systems – CVSS v3 and CWSS, and secure coding standards/best practices
Experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
Excellent verbal and written communication skills.
Successful candidate should be passionate about open source software and sharing information.  For example, this may include presenting at conferences or working collaboratively within Thomson Reuters.
Industry-related certifications such as CISSP or Amazon Certified Solutions Architect
Must have unrestricted authorization to work in U.K.
Must submit to a background investigation, including verification of past employment, criminal history and educational background

Desired Characteristics:

Familiarity with security automation tools for cloud resources such as AWS, Azure, and Office365
Good business acumen with a successful track record in aligning to business drivers
Strong Report writing and document creation skills, including Microsoft PowerPoint
Critical thinking and analysis skills
Team player with ability to execute in a matrix structure, across time zone and national boundaries
Proven track record of problem solving and creative thinking
Exceptional communication skills
Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one – collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance – and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit

More information about Thomson Reuters can be found on

You must register to apply for this job.