
Application Security Assurance Director

DTCC Candidate Experience Site

Worldwide, Remote, 2mo ago
Employment: Full-time
Seniority: Lead

About the role

Pay and Benefits:
 

The Impact you will have in this role:

  • Own enterprise application risk outcomes. Lead and mature DTCC’s Application Security program across the SDLC, materially reducing exploitable risk in internally developed, third‑party, and client‑facing applications.
  • Build and run a modern AppSec capability. Be accountable for SAST, DAST, FOSS/SCA, penetration testing, threat modeling, API security, and emerging capabilities, ensuring consistent, high‑quality execution aligned to policy and regulatory expectations.
  • Drive modernization and scale. Define and deliver a multi‑year AppSec strategy centered on automation‑first, risk‑based controls (e.g., DevSecOps, ASPM, SBOM, API inventory, AI‑assisted testing) that improve coverage, signal quality, and developer experience.
  • Embed security by design. Partner with Technology, Architecture, DevOps, Cloud, and Product leaders to integrate security into delivery pipelines without slowing innovation.
  • Translate risk into decisions. Provide clear, decision‑ready insights to senior leadership, risk committees, audit, and regulators, with authority to escalate material risk when remediation stalls.
  • Create measurable assurance. Establish and track AppSec metrics that demonstrate control effectiveness, risk reduction, and program maturity.
  • Lead and grow talent. Build, inspire, and develop a global AppSec organization with strong technical depth, ownership of outcomes, and a culture of continuous improvement.
     
  • Deep application security expertise. Proven, hands‑on understanding of modern AppSec practices across secure SDLC, cloud‑native architectures, APIs, and third‑party software risk.
  • Enterprise‑scale leadership. Experience leading and scaling AppSec programs in regulated, complex environments with high availability and client impact.
  • Risk‑based decision making. Ability to prioritize, articulate, and defend application risk in business terms while balancing delivery velocity and resilience.
  • Change and modernization leadership. Demonstrated success modernizing tools, operating models, and processes through automation, metrics, and developer alignment.
  • Modern technology fluency. Demonstrated ability to evaluate and responsibly adopt emerging capabilities—including AI‑enabled, model‑driven, and automation technologies—to improve security outcomes, decision quality, and team effectiveness.
  • People leadership. Track record of building and leading globally distributed teams, developing leaders, and driving accountability and high performance.
  • Influence and communication. Trusted advisor to senior technology and risk leaders; clear, concise communicator with executives, auditors, and regulators.
  • Execution under ambiguity. Comfortable operating in complex environments, setting direction, and delivering measurable outcomes.
     

Perks & benefits

  • Distributed Team
  • Paid Time Off
