Jobs · Information Technology

Director, Application Security (Cybersecurity Defense)

Cardinal Health · United States · 2 wk ago
RemoteRemoteInformation TechnologyFull-time

Responsibilities

  • Lead the enterprise application security strategy aligned with cybersecurity, risk management, and business objectives.
  • Establish governance frameworks to embed security into the software development lifecycle (SDLC) across all application domains.
  • Collaborate with enterprise architecture, engineering, and product teams to align application security with technology strategies and transformation initiatives.
  • Serve as an advisor to executive and business leadership on application security risks, priorities, and investment decisions.
  • Drive a secure-by-design culture across development and engineering teams.
  • Oversee application security capabilities across Pharma, Medical, and Commercial Technology segments, ensuring consistent implementation of security practices.
  • Define segment-specific requirements and approaches to address unique regulatory, operational, and risk considerations.
  • Ensure alignment of application security practices across segments while enabling flexibility to support business-specific needs.
  • Drive standardization of processes, tooling, and reporting across segment application security teams.
  • Oversee enterprise application security testing programs, including SAST, DAST, SCA, and IAST across all application environments.
  • Ensure vulnerabilities are identified, assessed, prioritized, and remediated during the development lifecycle prior to deployment.
  • Define secure coding standards and integrate security controls into CI/CD pipelines and development workflows.
  • Collaborate with development teams to reduce application security technical debt and improve code quality.
  • Oversee implementation of runtime security controls for applications and APIs, including WAF, API gateways, and runtime monitoring solutions.
  • Ensure security requirements are embedded into application and API design, deployment, and operational processes.
  • Collaborate with engineering and infrastructure teams to enforce runtime protections aligned with enterprise architecture.
  • Monitor runtime risks and coordinate mitigation efforts across application environments.
  • Lead development and integration of application security tooling, including configuration, onboarding, and operational management.
  • Define use cases, policies, and detection logic for application security tools to ensure effective coverage and scalability.
  • Drive integration of application security tools into CI/CD pipelines and DevSecOps workflows.
  • Ensure application security tooling aligns with enterprise security architecture and standards.
  • Collaborate with Security Architecture teams to define secure design patterns, reference architectures, and application security standards.
  • Ensure application security requirements are incorporated into solution design and architecture reviews.
  • Partner with engineering teams to implement secure development lifecycle (SDLC) practices and controls.
  • Support evaluation of new technologies and architectures to ensure alignment with security requirements.
  • Ensure application security practices align with regulatory requirements, compliance standards, and enterprise risk management frameworks.
  • Provide application security oversight for audits, regulatory assessments, and compliance reporting.
  • Collaborate with risk and compliance teams to translate application security risks into enterprise risk insights.
  • Support remediation of identified risks and ensure alignment with risk tolerance and governance processes.
  • Define and track KPIs and KRIs related to application security posture, vulnerability management, and SDLC integration.
  • Provide regular reporting to executive leadership on application security risks, trends, and program effectiveness.
  • Leverage data and analytics to drive continuous improvement in application security practices and outcomes.
  • Identify opportunities to enhance automation, efficiency, and scalability of application security processes.
  • Collaborate with application development, product, IT, security operations, and business teams to integrate application security into enterprise processes.
  • Partner with Cyber Detection & Response to ensure application security findings are integrated into monitoring and incident response workflows.
  • Engage with segment leaders to align application security initiatives with business priorities and risk considerations.
  • Support M&A activities by assessing and integrating application security controls for acquired applications.
  • Build and lead a high-performing application security organization with expertise across secure development, testing, and runtime protection.
  • Ensure alignment of team capabilities with evolving technologies, threats, and business needs.
  • Qualifications

    • Ideal candidates should have 10+ years of experience in cybersecurity, with a focus on application security, secure development, or DevSecOps.
    • Deep expertise in application security testing methodologies (SAST, DAST, SCA, IAST) and secure development practices, strongly preferred.
    • Strong understanding of application and API security, cloud-native architectures, and modern development frameworks.
    • Experience leading application security programs across large, complex organizations, preferred.
    • Strong understanding of cybersecurity frameworks (e.g., NIST CSF, OWASP, ISO 27001) and regulatory requirements.
    • Demonstrated ability to collaborate with cross-functional teams and influence executive stakeholders.
    • Strong leadership, communication, and problem-solving skills.

    Pay and Benefits

    • Anticipated salary range: $135,400 - $208,100
    • Bonus eligible: Yes
    • Benefits: Medical, dental and vision coverage, paid time off plan, health savings account (HSA), 401k savings plan, access to wages before pay day with myFlexPay, flexible spending accounts (FSAs), short- and long-term disability coverage, work-life resources, paid parental leave, healthy lifestyle programs

Similar jobs

Director of Cybersecurity

Altar'd StateKnoxville, TN· 1 wk ago
Information Technologyapply on standoutforgood.wd12.myworkdayjobs.com