Head of Application Security Program & Governance

Citi

Remote

Quick summary

Work type
Remote
Location
FL
Salary
$170,000–$300,000 / yr
Posted
4 days ago

Market check

Salary context

Above market

How this pay compares to similar roles

Similar roles (midpoint): $194k
This role (midpoint): $235k
Range shown: $135k to $318k

This role pays more than 80% of similar roles. Most similar roles pay $161,012–$226,300. At the midpoint, this role pays about $235k versus about $194k for comparable roles.

Based on 240 similar postings.

Employer

About Citi

Citi is one of the world’s most trusted financial institutions, proudly serving millions of customers across the United States.

Citi currently has 329 open roles on FindRole.

Listed pay typically runs $125,760–$188,640 across 308 roles with salary data.


At a glance

TL;DR · Head of Application Security Program & Governance

The Head of Application Security Program & Governance role at Citi is a senior leadership position within the Offensive Security and Vulnerability Management (OSVM) organization. This individual will oversee the strategic direction and operational performance of five critical AppSec pillars: SAST, CVM, MCD, ARVA, and ASD, integrating AI and ML capabilities to enhance security testing and developer guidance tools. Responsibilities include defining governance standards, managing regulatory compliance, and leading training programs for development teams. The ideal candidate has over 15 years of experience in application security and DevSecOps at enterprise scale, with expertise in SAST tools like Checkmarx and Black Duck, CI/CD pipeline integration, and AI-enhanced security practices. Knowledge of cloud security testing across AWS, Azure, or GCP is preferred, along with familiarity with ServiceNow for vulnerability management workflows.

What you'll do

  • Define and drive the strategic roadmap for ASM program pillars.
  • Lead integration of AI and ML into ASM operations for enhanced security.
  • Develop and deploy AI-enhanced developer guidance tools at scale.
  • Continuously assess adversarial AI threats and enhance detection capabilities.
  • Own and evolve AppSec governance standards, including exemption management.
  • Define Application Security Key Risk Indicators and lead performance insights.

What we're looking for

  • Over 15 years of experience in application security or DevSecOps at enterprise scale.
  • Deep knowledge and hands-on experience with SAST, CVM, MCD, ARVA, ASD tools.
  • Proven ability to define governance frameworks and KRI/metric programs for secure software development.
  • Experience assessing AI's impact on the threat landscape and leading technical teams.
  • Excellent communication skills to translate complex security data into actionable insights.

More like this

Similar roles

Global Director of Application Security

Northern Trust

Chicago, IL · 24 days ago · $164,600–$288,000
SAST DAST SCA CI/CD API security Cloud-native application security Software supply chain security AI-assisted development DevSecOps Kubernetes Terraform Python PostgreSQL AWS Azure GitHub Jenkins Prometheus Grafana

Senior Lead Information Security Office Consultant

Capital One Financial

McLean, VA +3 · 44 days ago · $229,900–$262,400
AWS Azure GCP DevSecOps CI/CD ISO 27001 ITIL COBIT PCI DSS GDPR NIST Cyber Security Framework CISSP CISM CISA Threat Modeling SaaS Integration Container Services Cloud Security Engineering

Director, Application Security, Cybersecurity Defense

Cardinal Health

Remote · 25 days ago · $135,400–$208,100
CI/CD DevSecOps SAST DAST SCA IAST OWASP NIST CSF ISO 27001 API security WAF Cloud-native architectures Secure coding standards Kubernetes AWS Python PostgreSQL Terraform GitLab Jenkins

Director, Information Technology & Security

Affirm

Remote · 61 days ago · $300,000–$360,000
FDIC FFIEC GLBA Regulation P FS-ISAC Incident Response Penetration Testing Cloud Security Hybrid Environments Information Security Governance Third-Party Risk Management Data Protection Privacy-by-Design Business Continuity Planning Disaster Recovery Vendor Management Security Operations Cyber Threat Intelligence Compliance Reporting Regulatory Compliance Risk Management

Director, IT Security Operations

University of Miami

Miami, FL · 9 days ago
SIEM MDR CISSP CISM Security+ Certified Ethical Hacker Cloud Security certification ISO27000 COBIT NIST 800 Cybersecurity Incident Response Network and security architecture Regulatory compliance