Manager- Applications Security job at DFCU Bank

Background

Reporting to the Senior Manager- Cyber Security Assurance, the Manager- Applications Security is responsible for providing governance and oversight for application security across the enterprise by establishing standards, embedding standards within the development process, prioritizing assessments, reviewing results, and ensuring timely remediation and reporting of security risks to senior management.

KEY ACCOUNTABILITIES

• Implement and enforce application security baseline standards across all systems.
• Define and maintain application security assessment priorities based on business criticality, risk exposure, and compliance needs.
• Integrate security into the software development lifecycle and product design.
• Establish secure coding practices and ensure continuous security testing within CI/CD pipelines.
• Oversee execution of application security assessments, including static (SAST), dynamic (DAST), interactive (IAST), and manual reviews.
• Review assessment outputs, validate findings, and ensure risk-based remediation recommendations are tracked to closure.
• Oversee vulnerability assessments, penetration testing, and red team simulations.
• Ensure timely remediation of identified risks and communicate critical findings to stakeholders.
• Support internal and external audits by providing evidence of control effectiveness related to application security.
• Ensure compliance with applicable standards and frameworks (e.g., OWASP ASVS, ISO 27001, PCI DSS, NIST).
• Serve as the primary liaison between security, development, and business units to ensure security is embedded into development processes.
• Facilitate risk discussions with application owners, architects, and product managers to balance security and delivery objectives.
• Provide security advisory support during project design, development, and change management stages.
• Lead vulnerability identification, prioritization, and recommendation on resolution.
• Report on key metrics and ensure compliance with risk appetite thresholds.
• Ensure no overdue findings , no failed validations and no repeat findings.
• Lead and mentor a high-performing cybersecurity team.
• Foster a culture of accountability, continuous improvement, and innovation.

KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED

• Bachelor’s Degree in Information Technology, Computer Science, or related field (Master’s preferred).
• Professional certifications such as CISSP, CISM, CEH, CASE,
• 5+ years of experience in cybersecurity, with at least 2 years in a leadership role.
• Strong knowledge of ISO27001 ISMS, PCI DSS, and regulatory compliance requirements.
• Experience in DevSecOps, vulnerability management, and penetration testing.
• Strong leadership and people management skills.
• Excellent understanding of cybersecurity frameworks and risk management.
• Exceptional communication and executive reporting skills.
• Ability to balance strategic planning with hands-on technical oversight.

• Implement and enforce application security baseline standards across all systems.
• Define and maintain application security assessment priorities based on business criticality, risk exposure, and compliance needs.
• Integrate security into the software development lifecycle and product design.
• Establish secure coding practices and ensure continuous security testing within CI/CD pipelines.
• Oversee execution of application security assessments, including static (SAST), dynamic (DAST), interactive (IAST), and manual reviews.
• Review assessment outputs, validate findings, and ensure risk-based remediation recommendations are tracked to closure.
• Oversee vulnerability assessments, penetration testing, and red team simulations.
• Ensure timely remediation of identified risks and communicate critical findings to stakeholders.
• Support internal and external audits by providing evidence of control effectiveness related to application security.
• Ensure compliance with applicable standards and frameworks (e.g., OWASP ASVS, ISO 27001, PCI DSS, NIST).
• Serve as the primary liaison between security, development, and business units to ensure security is embedded into development processes.
• Facilitate risk discussions with application owners, architects, and product managers to balance security and delivery objectives.
• Provide security advisory support during project design, development, and change management stages.
• Lead vulnerability identification, prioritization, and recommendation on resolution.
• Report on key metrics and ensure compliance with risk appetite thresholds.
• Ensure no overdue findings , no failed validations and no repeat findings.
• Lead and mentor a high-performing cybersecurity team.
• Foster a culture of accountability, continuous improvement, and innovation.

• Strong knowledge of ISO27001 ISMS, PCI DSS, and regulatory compliance requirements.
• Experience in DevSecOps, vulnerability management, and penetration testing.
• Strong leadership and people management skills.
• Excellent understanding of cybersecurity frameworks and risk management.
• Exceptional communication and executive reporting skills.
• Ability to balance strategic planning with hands-on technical oversight.

• Bachelor’s Degree in Information Technology, Computer Science, or related field (Master’s preferred).
• Professional certifications such as CISSP, CISM, CEH, CASE