Global Director of Application Security

About The Position

Requirements

• 10+ years in application security, cybersecurity, or software engineering
• 5+ years leading application security or DevSecOps programs at enterprise scale
• Experience defining and enforcing security policies, standards, and governance
• Strong technical depth in secure software development and modern SDLC practices
• Proven ability to influence engineering teams and senior stakeholders
• Experience leading small, high-impact teams including contractors
• Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future.
• Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)

Nice To Haves

• Hands-on experience developing software in large enterprises with mature DevOps / CI/CD pipelines
• Background in software engineering, architecture, or platform engineering
• Experience with: SAST, DAST, SCA
• Software supply chain security
• API and cloud-native application security
• CI/CD pipeline security and automation
• Familiarity with AI-assisted development and its security implications
• Financial services or regulated industry experience

Responsibilities

• Own the Application Security Strategy: Define and execute the enterprise Application Security vision, roadmap, and operating model aligned to business and technology priorities.
• Establish Governance & Standards: Develop and enforce application security policies, standards, and controls across the software development lifecycle (SDLC), including APIs, CI/CD pipelines, and software supply chain.
• Lead the AI Security Transformation: Shape how the organization evolves from traditional development security to AI-assisted and AI-generated development models, including guardrails, validation, and governance.
• Drive Secure DevSecOps Practices: Partner with engineering and platform teams to embed security into CI/CD pipelines using scalable, automated, developer-friendly approaches (SAST, DAST, SCA, IaC, secrets, etc.).
• Lead and Scale a High-Impact Team: Manage an initial team of 4 direct reports (North America) and ~10 contractors, building a high-performing, technically strong organization.
• Engage and Influence Leadership: Act as a senior advisor to cybersecurity and technology leadership, communicating risk, strategy, and progress to executive stakeholders.
• Deliver Measurable Risk Reduction: Define KPIs and drive improvements in vulnerability management, remediation velocity, and overall application security posture.

Benefits

• retirement benefits (401k and pension)
• health and welfare benefits (medical, dental, vision, spending accounts and disability)
• paid time off
• parental and caregiver leave
• life & accident insurance
• other voluntary and well-being benefits
• discretionary bonus program that may include an equity component