This Head of Application Security Program & Governance role sits at the center of Citi's Application Security Management (ASM) function, a specialized capability within the Offensive Security and Vulnerability Management (OSVM) organization reporting directly to the Global Head of OSVM. The position carries enterprise-wide accountability for the strategic direction, governance, and operational performance of five critical AppSec pillars: Static Application Security Testing (SAST), Component Vulnerability Management (CVM), Malicious Code Detection (MCD), Automated Release Vulnerability Assessment (ARVA), and Application Secrets Detection (ASD). This is a rare opportunity for a seasoned application security leader to shape how one of the world's largest financial institutions secures its software development ecosystem at scale. The role demands both deep technical credibility across secure SDLC practices and the executive-level communication skills needed to influence development organizations, senior leadership, and regulatory stakeholders.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Director