• Review application security policies, standards, and controls.
  • Investigate S-SDLC process flows and review release / development methodologies (e.g. Agile, Waterfall).
  • Validate the effectiveness of existing application security activities.


  • Develop S-SDLC control processes and procedures.
  • Determine the operating model to engage business units, partners, and other key stakeholders.


  • Provide initial and on-going project management support.
  • Deliver broad awareness campaigns through effective communication.
  • Engage with stakeholders to realize new service implementation at all levels.
  • Co-evolve S-SDLC service delivery capabilities over time.