Stanley Black & Decker, Inc.
Cyber Program Manager - CISO
The complete job description, requirements, and application details are available on the original posting.
About Stanley Black & Decker, Inc.
Stanley Black & Decker, Inc. is an American manufacturer of industrial tools, hand and power tools, and related accessories. It was formed in 2010 by the merger of The Stanley Works (founded 1843) and Black & Decker (founded 1910) and is headquartered in New Britain, Connecticut. It operates globally, with nearly half of its sales generated outside the United States, under brands such as DeWalt, Black & Decker, Stanley, and Craftsman. Company profiles still sometimes list household hardware (Kwikset and Baldwin locks and door hardware) and electronic security systems among its lines, but both were divested: the hardware business was sold to Spectrum Brands in 2012 and the commercial electronic security business (Stanley Security) to Securitas in 2022, so the current portfolio is tools, outdoor equipment, and industrial products. The company is also pursuing digital transformation, including connected tools, and is incorporating sustainability practices into its operations. Its customers include professional tradespeople, DIY consumers, and commercial clients, making it a key player in the global tools and hardware market.
Security at Stanley Black & Decker, Inc.
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Cooperative, defensive, governance-oriented, and legally cautious.
- Public material frames application security as enterprise risk management: encourage responsible disclosure and researcher collaboration under a vulnerability disclosure program (VDP) with safe-harbor terms, prioritize protecting stakeholders and systems, and operate within legal and data-protection constraints.
- The focus is pragmatic risk reduction (identify → investigate → remediate) with oversight tied into corporate governance and investor disclosures.
Security Team
- No public AppSec org chart or named leaders are published on the corporate site.
- Public evidence points to an internal security capability (governance oversight plus a company-wide cybersecurity program); technology and security roles are recruited through the corporate careers link, which redirects to an external jobs portal.
- Likely team roles (inferred, not explicitly published): Application Security Engineer, AppSec Lead, Security Engineer, DevSecOps, vulnerability/incident handlers.
- Team size and reporting lines are not disclosed on the site.
Key Initiatives
- Published priorities and operational commitments (as stated in the vulnerability disclosure program):
  1) Accept externally submitted vulnerability reports and use them defensively to mitigate or remediate vulnerabilities across digital products, networks, and vendor applications.
  2) Acknowledge reports within seven business days and keep researchers informed through investigation and remediation.
  3) Enforce research constraints and safe-harbor conditions to protect privacy and legal compliance.
  4) Escalate, or engage a neutral third party, if communications stall.
- Recommended next steps for deeper intelligence (public sources): review active job descriptions on the company jobs portal for role and tooling requirements; read the cybersecurity disclosure in the Form 10-K (Item 1C, required in annual reports for fiscal years ending on or after 15 December 2023) and other regulatory filings for governance and oversight detail; and monitor the VDP page and subdomain/brand sites for policy or program changes (for example, a future bug-bounty announcement).