Application Security Assurance Associate Director

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

As a member of the CISO organization, this role provides strategic leadership for application security governance across DTCC's API and agent/MCP platforms. The leader owns the design, delivery, and continuous improvement of platform native AppSec controls-spanning build, deployment, and runtime-ensuring security is embedded through automation, policyascode, and standardized guardrails. By partnering closely with Cloud, Platform, and Application teams, this role enables secure scaling of AI workloads while reducing material risk, improving vulnerability signal quality, and ensuring controls are audit ready, measurable, and aligned to DTCC's regulatory and risk management expectations.

Your Primary Responsibilities:

• Establish and operate API security capabilities. Design, implement, and run API discovery, inventory, assessment, and monitoring capabilities across DTCC applications, aligned to DTCC Control Standards.
• Build MCP-style security enablement. Develop and maintain model-driven, context-aware capabilities (e.g., correlation, orchestration, prioritization) that integrate API, application, and runtime security signals.
• Conduct targeted security assessments. Perform API and application security assessments, risk analysis, and security reviews, identifying design and implementation weaknesses in authentication, authorization, data exposure, and integration patterns.
• Monitor, mitigate, and escalate risk. Track API-related vulnerabilities and control gaps, validate remediation, and escalate material risk in accordance with DTCC risk and escalation procedures.
• Operate and optimize tooling and platforms. Manage tools, services, and infrastructure supporting API discovery, testing, and analysis; partner with infrastructure, platform, and application teams to ensure effective and reliable use.
• Enable secure integration patterns. Contribute to and maintain API security standards, secure design guidance, and best practices for development teams.
• Continuously evolve detection capabilities. Research emerging API and AI-driven security techniques and apply them pragmatically to improve detection, signal quality, and reporting.
• Demonstrate strong risk and ethics discipline. Follow established procedures, monitor controls, identify weaknesses, and consistently demonstrate sound judgment and ethical behavior.

Qualifications:

• Minimum of 8 years of related experience
• Bachelor's degree preferred or equivalent experience

Talents Needed for Success:

• Relevant certification, for example CISM, CISSP, Burp Suite Certified Practitioner
• API security expertise. Strong hands-on experience securing APIs, services, and integrations, including authN/authZ, OAuth/OIDC, schema validation, rate limiting, and data protection.
• Model-driven and automation mindset. Experience designing or operating model-driven, context-aware, or orchestrated security capabilities that improve prioritization and decision-making.
• Security tooling and platform ownership. Proven experience managing security tools and supporting infrastructure, and integrating them with CI/CD, runtime, and observability platforms.
• Risk assessment and escalation judgment. Ability to evaluate API and integration risk, track remediation, and escalate appropriately within defined governance models.
• Cross-team coordination. Strong ability to work across application, platform, cloud, and infrastructure teams to drive outcomes without direct authority.
• Secure design influence. Ability to translate API security risks into practical design guidance and standards for engineering teams.
• Continuous learning orientation. Actively tracks API, application, and AI-enabled security trends and applies them responsibly.
• Integrity and accountability. Demonstrates attention to detail, consistency in following controls, and strong ethical behavior.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

About Us

With over 50 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC's subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC's Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at or connect with us on LinkedIn , X , YouTube , Facebook and Instagram .

DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.

Learn more about Clearance and Settlement by clicking here .

About the Team

Serves as a dedicated technology resource for advancing DTCC's business opportunities and providing industry thought leadership for leveraging new technology. The goal of this new department is to partner internally with IT, our business and regulatory divisions and externally with clients, regulators, and fintech vendors, to help build new platforms and business models to advance DTCC's mission to support the financial markets.