Application Security Assurance Director

Job Description

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Our IT Cyber Security and Resiliency teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

• Own enterprise application risk outcomes. Lead and mature DTCC's Application Security program across the SDLC, materially reducing exploitable risk in internally developed, third-party, and client-facing applications.
• Build and run a modern AppSec capability. Be accountable for SAST, DAST, FOSS/SCA, penetration testing, threat modeling, API security, and emerging capabilities, ensuring consistent, high-quality execution aligned to policy and regulatory expectations.
• Drive modernization and scale. Define and deliver a multi-year AppSec strategy centered on automation-first, risk-based controls (e.g., DevSecOps, ASPM, SBOM, API inventory, AI-assisted testing) that improve coverage, signal quality, and developer experience.
• Embed security by design. Partner with Technology, Architecture, DevOps, Cloud, and Product leaders to integrate security into delivery pipelines without slowing innovation.
• Translate risk into decisions. Provide clear, decision-ready insights to senior leadership, risk committees, audit, and regulators, with authority to escalate material risk when remediation stalls.
  
  Create measurable assurance. Establish and track AppSec metrics that demonstrate control effectiveness, risk reduction, and program maturity.
• Lead and grow talent. Build, inspire, and develop a global AppSec organization with strong technical depth, ownership of outcomes, and a culture of continuous improvement.

• Minimum of 10 years of related experience
• Bachelor's degree preferred or equivalent experience

• Deep application security expertise. Proven, hands-on understanding of modern AppSec practices across secure SDLC, cloud-native architectures, APIs, and third-party software risk.
• Enterprise-scale leadership. Experience leading and scaling AppSec programs in regulated, complex environments with high availability and client impact.
• Risk-based decision making. Ability to prioritize, articulate, and defend application risk in business terms while balancing delivery velocity and resilience.
• Change and modernization leadership. Demonstrated success modernizing tools, operating models, and processes through automation, metrics, and developer alignment.
• Modern technology fluency. Demonstrated ability to evaluate and responsibly adopt emerging capabilities-including AI-enabled, model-driven, and automation technologies-to improve security outcomes, decision quality, and team effectiveness.
• People leadership. Track record of building and leading globally distributed teams, developing leaders, and driving accountability and high performance.
• Influence and communication. Trusted advisor to senior technology and risk leaders; clear, concise communicator with executives, auditors, and regulators.
• Execution under ambiguity. Comfortable operating in complex environments, setting direction, and delivering measurable outcomes.