Leadership Solutions

Director Information Security - Application Security Management


American Express


United States


The Director of Application Security Management will be responsible for balancing engineering needs with risk management and regulatory compliance across the AXP Enterprise landscape by growing and leading a team tasked with designing and running automated security controls. In addition, the ideal candidate recognizes the importance of building security controls that scale to an agile enterprise. The successful candidate must have experience evolving and designing control frameworks in alignment with delivery transformation, have awareness of modern software development practices and automated build pipelines, and be familiar with Application Security tools and principles. The candidate will be expected to drive results and lead through others.


  • Provide strong leadership to a team of application security engineers and practitioners by establishing clear direction, a productive culture, and measurable goals in pursuit of the overall organizational strategy and roadmap
  • Become an expert in the AXP Enterprise technology stack to understand points of weakness and opportunities for application security services and solutions
  • Integrate, monitor, and measure security controls in the SDLC
  • Drive and manage embedded and automated security testing at scale and report on risk across AXP Enterprise applications
  • Collaborate with internal stakeholders and partners on addressing systemic security issues
  • Evaluate and prioritize security activities to ensure timely execution per risk-based approaches and application team needs
  • Provide an escalation point for resolving application security testing issues and concerns
  • Recruit, mentor, and grow a talented team of application security experts
  • Continuously review application security tools and services to evaluate efficacy and applicability
  • Ensure successful execution of regulatory and audit responses


  • Bachelor’s Degree in Computer Science or similar field of study; advanced degree preferred
  • Relevant professional certification preferred
  • Five or more years of application security experience in a fast-paced, agile environment preferred
  • Five or more years of software development experience across web, mobile, and API preferred
  • Knowledge in tools and/or processes to reliably identify security issues and business logic flaws (SAST, DAST, IAST, BDD, etc.)
  • Knowledge in application security concepts such as OWASP Top 10
  • Knowledge of and experience in DevOps methods and principles
  • Strategy development and strong technical leadership experience