Overview
The Associate Director, Application Risk & Compliance, provides strategic oversight and defines the validation and risk management frameworks required to ensure the security, data privacy, and integrity of the NYU enterprise application ecosystem in alignment with best practices and NYU's Global Information Security Program. The role acts as a primary partner to Institutional Solutions Group (ISG) application portfolio leads, ensuring that application ecosystems, controls, and processes align with University policies, standards, and procedures. It operationalizes and oversees the implementation of application security and data privacy controls, identifies and assesses potential security and privacy risks across diverse technology stacks, develops and implements standardized playbooks and templates, validates required controls in all ISG application portfolios, aggregates risk data, and provides comprehensive compliance reports and dashboards to executive leadership. The Associate Director serves as a consultant and partner to application portfolio leads and acts as a liaison between the Global Office of Information Security (GOIS) and application teams to facilitate the system certification process.

Required Education
Bachelor's Degree in Computer Science, Business, or a related major.

Preferred Education
Master's Degree in Computer Science, Business, or a related field.

Required Experience
5+ years of progressive experience in information security, IT risk management, or IT compliance, with direct experience in secure software development lifecycles (SSDLC), application security frameworks, and technical vulnerability management (e.g., OWASP Top 10). Proven history of conducting IT risk assessments, developing risk mitigation strategies, and overseeing compliance against institutional or federal standards. Experience operationalizing data protection standards and interpreting privacy regulations such as GDPR, HIPAA, or FERPA in a technical environment.

Preferred Experience
Significant experience in higher education or in a large, distributed, and global organization; experience serving as a primary security or compliance liaison for multiple diverse technical portfolios.

Required Skills, Knowledge and Abilities
Deep understanding of application security risks (OWASP Top 10), secure software development lifecycles, secure application integration standards, and common vulnerabilities across modern (cloud-native, AI-integrated) and legacy application stacks. Proficiency in modern identity and access management standards. Experience establishing automated Joiner-Mover-Leaver workflows and centralized access review processes. Strong ability to interpret federal and state regulations (e.g., FERPA, HIPAA, GDPR) and translate them into actionable technical controls for application developers. Demonstrated ability to act as a consultative partner to technical leads while effectively presenting risk-based data and dashboards to non-technical executive leadership. Technical proficiency in leveraging CI/CD security integrations and automation tools to automate and simplify compliance for distributed teams. Proven ability to balance security requirements with business speed, using sound judgment to determine when to grant a waiver versus when to elevate a blocker to leadership. Demonstrated strategic thinking, creative problem-solving, effective verbal and written communication, public speaking, stakeholder engagement, and consensus building in a multicultural environment.

Preferred Skills, Knowledge and Abilities
Advanced professional credentials such as CISSP, CISM, or CRISC. Deep technical familiarity with secure coding practices and emerging technologies like AI and cloud-native security. Familiarity with GitHub Advanced Security features, including CodeQL, Secret Scanning, and Dependabot. Ability to configure GitHub Actions to automate security testing and enforce policy-as-code requirements within the developer workflow.

Salary
In compliance with NYC's Pay Transparency Act, the annual base salary range for this position is USD $175,000.00 to USD $195,000.00.

Equal Opportunity Employer
NYU is an Equal Opportunity Employer and is committed to a policy of equal treatment and opportunity in every aspect of its recruitment and hiring process without regard to age, alienage, caregiver status, childbirth, citizenship status, color, creed, disability, domestic violence victim status, ethnicity, familial status, gender and/or gender identity or expression, marital status, military status, national origin, parental status, partnership status, predisposing genetic characteristics, pregnancy, race, religion, reproductive health decision making, sex, sexual orientation, unemployment status, veteran status, or any other legally protected basis. All interested persons are encouraged to apply at all levels.

Job Title
Associate Director, Application Risk and Compliance