Citigroup, Inc

Head of Application Security Program & Governance, Director

Citigroup, Inc$170K — $300K *
US-AnywhereRemote in Florida, US
Information Technology
11 - 15 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • 15+ years in application security, DevSecOps, or secure SDLC leadership at enterprise scale.
  • 5+ years of people management experience preferred.
  • Deep knowledge of SAST, SCA/CVM, and automated security testing tools (e.g., Checkmarx, Snyk).
  • Strong understanding of CI/CD pipeline security integration.
  • Experience defining governance frameworks and KRI/metric programs for large-scale secure software development.
  • Ability to assess AI's impact on the threat landscape and vulnerability exploitation.
  • Proven experience leading and mentoring technical teams.

Responsibilities

  • Define and implement a multi-year strategic roadmap for Application Security Management pillars.
  • Integrate AI and ML capabilities into ASM operations for improved security processes.
  • Develop AI-enhanced tools for security guidance to engineering teams.
  • Continuously evaluate the adversarial AI threat landscape.
  • Enhance ASM detection and response capabilities against AI-enabled threats.
  • Develop and uphold AppSec governance standards and policy compliance.
  • Serve as the primary ASM liaison for development organizations and senior leadership.
  • Oversee and enhance developer security training programs.

Benefits

  • Medical, dental & vision coverage.
  • 401(k) plan.
  • Life, accident, and disability insurance.
  • Wellness programs.
  • Paid time off including vacation and sick leave.
Full Job Description
The Role:

This Head of Application Security Program & Governance role sits at the center of Citi's Application Security Management (ASM) function, a specialized capability within the Offensive Security and Vulnerability Management (OSVM) organization reporting directly to the Global Head of OSVM. The position carries enterprise-wide accountability for the strategic direction, governance, and operational performance of five critical AppSec pillars: Static Application Security Testing (SAST), Component Vulnerability Management (CVM), Malicious Code Detection (MCD), Automated Release Vulnerability Assessment (ARVA), and Application Secrets Detection (ASD). This is a rare opportunity for a seasoned application security leader to shape how one of the world's largest financial institutions secures its software development ecosystem at scale. The role demands both deep technical credibility across secure SDLC practices and the executive-level communication skills needed to influence development organizations, senior leadership, and regulatory stakeholders.

Responsibilities
  • Define and drive the multi-year strategic roadmap for ASM program pillars (SAST, CVM, MCD, ARVA, ASD), aligning with Citi's broader OSVM and enterprise cybersecurity strategy.
  • Lead the integration of AI and ML capabilities into ASM operations, including AI-assisted vulnerability triage, intelligent false-positive suppression, and automated remediation workflows.
  • Develop and deploy AI-enhanced developer guidance tools that improve security posture across engineering teams at scale.
  • Continuously assess the adversarial AI threat landscape, including AI-accelerated exploit development and vulnerability chaining techniques.
  • Drive corresponding enhancements to ASM detection, response capabilities, and overall program strategy in response to emerging AI-enabled threats.
  • Own and evolve AppSec governance standards, including exemption management, policy compliance, and regulatory alignment across Citi's software estate.
  • Define Application Security Key Risk Indicators (KRIs) and lead program performance insights, including root cause analysis, trend identification, and continuous improvement reporting.
  • Serve as the primary ASM interface for development organizations, product delivery teams, Information Security partners, enterprise architecture, and senior leadership.
  • Oversee developer and App Manager security training programs, ensuring engineering teams understand their security obligations and are equipped to meet them.
  • Mentor ASM pillar leads, drive cross-pillar coordination, manage program resources, and maintain delivery timelines across ASM initiatives.


Qualifications
  • 15+ years of experience in application security, DevSecOps, or secure SDLC program leadership at enterprise scale.
  • 5+ years' experience in people management preferred.
  • Deep knowledge of SAST, Software Composition Analysis (SCA/CVM), and automated security testing, with hands-on experience using tools such as Checkmarx, Black Duck, Snyk, Fortify, or equivalent platforms.
  • Strong understanding of CI/CD pipeline security integration and the enforcement of security gates within build and deployment pipelines.
  • Demonstrated ability to define governance frameworks, security standards, and KRI/metric programs for large-scale secure software development programs.
  • Experience assessing AI's impact on the threat landscape, including AI-assisted vulnerability chaining and accelerated exploit development scenarios.
  • Proven track record leading and mentoring technical teams in a program management or technical leadership capacity.
  • Working knowledge of recognized security frameworks, including SSDF, OWASP SAMM, BSIMM, NIST, ISO 27001, and FFIEC guidelines.
  • Excellent communication skills with demonstrated ability to translate complex security program data into actionable insights for both technical audiences and senior leadership.
  • Experience with malicious code detection, secrets detection, or automated release security gating programs is strongly preferred.
  • Familiarity with AI/ML integration into security tooling, including AI-assisted triage, intelligent rule tuning, and LLM-based developer guidance is preferred.
  • Experience with cloud security testing across AWS, Azure, or GCP, and familiarity with ServiceNow for vulnerability management workflows is preferred.
  • Experience with Dynamic Application Security Testing (DAST) methodologies and their integration into automated CI/CD pipelines is preferred.


Education
  • Active certification in CISSP, CISM, CRISC, CISA, GIAC, or equivalent is strongly desired.
  • Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent practical experience.
  • Master's degree preferred.


This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group:
Technology

Job Family:
Information Security

Time Type:
Full time

Primary Location:
Telecommuter Florida United States

Primary Location Full Time Salary Range:
$170,000.00 - $300,000.00

In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Most Relevant Skills
Please see the requirements listed above.

Other Relevant Skills
For complementary skills, please see above and/or contact the recruiter.

Anticipated Posting Close Date:
Jul 01, 2026

About Citigroup, Inc

Citigroup is a financial services holding company that provides financial products and services. The company operates through two segments, Global Consumer Banking (GCB) and Institutional Clients Group (ICG). The GCB segment offers traditional banking services to retail customers through retail banking, commercial banking, Citi-branded cards, and Citi retail services. The ICG segment offers various banking, and financial products and services to corporate, institutional, public sector, and high-net-worth clients. This segment provides wholesale banking products and services, including fixed-income and equity sales and trading, foreign exchange, prime brokerage, derivative services, equity and fixed-income research, corporate lending, investment banking, and advisory services, private banking, cash management, trade finance, and securities services. Citi is committed to sustainability and social responsibility, and the company invests in initiatives that promote economic progress.

Citigroup, Inc Careers

Join the vibrant team at Citigroup, Inc, a leading global bank, and propel your career into the future. Citigroup offers a plethora of job opportunities that span across various fields and expertise, making it an ideal place for ambitious professionals to thrive.

Work You’ll Do

At Citigroup, Inc, you will engage in exciting work that matters. Join our team to help innovate and drive transformation in the banking industry. With Citigroup, you can lead initiatives that redefine how banking works and how financial services can empower people globally.

Innovate and Lead

Citigroup, Inc is at the forefront of financial innovation and leadership. By joining our team, you will work alongside top professionals to develop solutions that enhance customer experiences and operational efficiency. Our commitment to innovation is fundamental, and we encourage our team to push boundaries and think outside the box.

Grow Your Career

Citigroup, Inc is not just a company; it's a place where you can grow both professionally and personally. We offer robust career paths and professional development opportunities that help you reach your potential. With diverse career tracks and the support of leadership, your growth at Citigroup is limitless.

Diversity and Inclusion

We believe our strength comes from the diversity of our team. Citigroup, Inc is dedicated to fostering an inclusive workplace where everyone can contribute their best work. Through diversity training and a culture that embraces differences, we create a welcoming environment for all employees.

Benefits and Culture

Citigroup, Inc values the well-being of its employees. We offer competitive benefits packages that support the health, finance, and lifestyle of our team members. Our culture is built on collaboration, respect, and a commitment to excellence. We ensure that every team member feels valued and part of our global family.

Internship and Employment Opportunities

Start your professional journey with Citigroup through our internship programs or full-time job opportunities. We are constantly hiring fresh talent and seasoned experts who bring creativity and innovation to our team. Whether you're refining your skills or ready to lead, there's a position waiting for you at Citigroup.

Networking and Professional Development

At Citigroup, Inc, networking and continuous learning are part of our DNA. We provide platforms for employees to connect with industry leaders and peers, enhancing their skills and opening up new career opportunities. Our leadership programs and professional development initiatives ensure that you are always ahead of the curve.

Join Our Team

Explore the numerous positions available at Citigroup, Inc that match your skills and interests. We are looking for passionate, curious, and solution-driven team players who are ready to make an impact.

Stay Connected

Keep up to date with the latest in career opportunities and industry insights at Citigroup, Inc. Subscribe to our job alert emails and read our careers blog to stay ahead in your professional journey.

Explore Citigroup, Inc Jobs

Discover the exciting and rewarding opportunities that await at Citigroup, Inc. Tailor your resume, prepare for your interview, and take the next step in your career with us.

SEARCH CITIGROUP JOBS

READ CAREERS BLOG

Citigroup, Inc is where your ambition meets opportunity. Join us and transform your career while making a global impact.
Learn more about Citigroup, Inc
Market Cap
$1.3 billion
Industry
Finance & Insurance
Net Income
$89.6 million
Founded
1812
5 Year Trend
+4.6%
NASDAQ
C
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at Citigroup, Inc

More Information Technology Jobs

Find similar Head of Application Security Program & Governance, Director jobs:

NationwideRemote