Associate Director, Application Risk and Compliance
New York City, New York, United States of America
Full Time
3 weeks ago
$175,000 - $195,000 USD
No Visa Sponsorship
Key skills
Cloud, SDLC, AI, Leadership, Risk Management, OWASP
About this role
Role Overview
Provide strategic oversight and define the validation and risk management frameworks required to ensure the security, data privacy, and integrity of the NYU enterprise application ecosystem in alignment with best practices and NYU’s Global Information Security Program.
Act as a primary partner to Institutional Solutions Group (ISG) application portfolio leads, ensuring that application ecosystems, controls, and processes are aligned with University policies, standards, and procedures.
Operationalize and oversee the implementation of application security and data privacy controls, identifying and assessing potential security and privacy risks across diverse technology stacks to ensure an integrated approach to risk management.
Develop and implement standardized playbooks, templates, and tools to improve application security and data privacy effectiveness.
Validate that required controls are effectively in place across all ISG application portfolios.
Aggregate risk data and provide comprehensive compliance reports and dashboards to executive leadership.
Requirements
Required Education: Bachelor's Degree in Computer Science, Business, or related major
Required Experience: 5+ years of progressive experience in information security, IT risk management, or IT compliance.
Direct experience with secure software development lifecycles (S-SDLC), application security frameworks, and technical vulnerability management (e.g., OWASP Top 10).
Proven history of conducting IT risk assessments, developing risk mitigation strategies, and overseeing compliance against institutional or federal standards.
Experience operationalizing data protection standards and interpreting privacy regulations such as GDPR, HIPAA, or FERPA in a technical environment.
Required Skills, Knowledge and Abilities: Deep understanding of application security risks (OWASP Top 10), secure software development lifecycles, secure application integration standards, and common vulnerabilities across modern (cloud-native, AI-integrated) and legacy application stacks.
Proficiency in modern identity and access management standards.
Experience establishing automated 'Joiner-Mover-Leaver' workflows and centralized access review processes.
Strong ability to interpret federal and state regulations (e.g., FERPA, HIPAA, GDPR) and translate them into actionable technical controls for application developers.
Demonstrated ability to act as a consultative partner to technical leads while effectively presenting risk-based data and dashboards to non-technical executive leadership.
Tech Stack
Cloud
SDLC
Benefits
NYU aims to be among the greenest urban campuses in the country and carbon neutral by 2040.