Director Application & Data Technology Risk

Director Information Security - IS06AE
We're determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals - and to help others accomplish theirs, too. Join our team as we help shape the future.

The Director, Application & Data Technology Risk provides senior leadership for identifying, assessing, and managing technology risks across the enterprise application landscape. This role focuses on application-driven risks throughout the software development lifecycle (SDLC), including design, development, deployment, and ongoing operations, while maintaining strong awareness of data risk, sensitive data exposure, and risks associated with the use of artificial intelligence (AI), automation, and emerging technologies.

The Director serves as a trusted risk advisor to CIOs and senior technology leaders, partnering to enable modern application delivery while ensuring risks are understood, clearly communicated, and managed in alignment with enterprise risk appetite, regulatory expectations, and business priorities.

This role will have a Hybrid work schedule, with the expectation of working in an office (Columbus, OH, Hartford, CT or Charlotte, NC) 3 days a week. Candidates must be eligible to work in the US without company sponsorship

Key Responsibilities

Application & Technology Risk Leadership

• Lead the identification and management of application-level technology risks, including secure design, SDLC controls, configuration weaknesses, dependency risks, and operational resilience.
• Provide risk oversight across the end-to-end application lifecycle, including requirements, architecture, development, testing, release, and production support.
• Assess risks introduced through modern engineering practices, including agile delivery, DevOps, CI/CD pipelines, APIs, cloud-native services, and third-party integrations.
• Partner with application, platform, and security teams to promote adherence to security, infrastructure, and engineering control expectations.

• Evaluate data risk and sensitive data exposure within applications, including unauthorized access, data leakage, improper transmission, retention weaknesses, and aggregation risk.
• Provide risk guidance on AI, GenAI, and automation use cases, with emphasis on data sourcing, access governance, explainability, monitoring, and emerging regulatory or ethical risks related to technology.
• Maintain awareness of evolving risks associated with AI adoption and emerging technologies, ensuring they are incorporated into application risk assessments and governance.

• Maintain strong understanding of infrastructure and cloud dependencies (e.g., identity and access management, logging and monitoring, network security, encryption, resiliency) that directly influence application risk.
• Partner with infrastructure, cloud, and cybersecurity teams to assess shared-responsibility risk impacts on applications.

• Serve as a trusted risk partner to CIOs and senior technology leaders, supporting informed decision-making while enabling delivery.
• Translate complex technical risks into clear, business-relevant risk narratives that articulate impact, likelihood, trends, and tradeoffs.
• Present concise risk perspectives to senior leadership, technology governance forums, and risk committees, focusing on decision-oriented insights rather than issue listings.
• Influence prioritization decisions by balancing business value, delivery timelines, and risk exposure.

• Own and deliver application and data technology risk reporting for senior leadership, highlighting trends, concentration risk, and systemic control gaps.
• Define, monitor, and mature risk metrics, KRIs, and leading indicators related to application security, data exposure, DevOps maturity, and AI.
• Identify patterns across findings and assessments to surface root causes and enterprise-level risk themes.
• Support audit, regulatory, and internal governance activities by representing application, data, and AI risk topics with credibility and consistency.

• Lead, coach, and develop a team of technology risk professionals focused on application and emerging technology risk.
• Promote a culture of partnership, transparency, and accountability across technology and risk teams.

• 10+ years of experience in technology risk management, application security, IT audit, engineering, or related domains.
• Strong working knowledge of application architectures, SDLC, DevOps practices, and CI/CD pipelines.
• Demonstrated experience assessing data risks and data exposure within application environments.
• Practical understanding of AI and automation risks, including model governance, data usage, and control considerations.
• Solid familiarity with cloud and infrastructure control domains (IAM, logging, encryption, network security, resiliency).
• Proven ability to communicate effectively with senior leaders and translate technical issues into executive-level insights.
• Experience working with industry frameworks (e.g., NIST, CIS Controls, COBIT, secure SDLC standards).

• Prior hands-on experience in software engineering, application architecture, platform operations, or DevOps.
• Experience managing risk in high-growth, technology-driven organizations with evolving governance expectations
• Relevant certifications such as CISSP, CISM, CRISC, CISA, or cloud security certifications.