New York University Tisch School of the Arts

Associate Director, Application Risk and Compliance

full-time

Location Type: Hybrid

Location: New York City, New York, United States

Salary

💰 $175,000 - $195,000 per year

About the role

  • Provide strategic oversight and define the validation and risk management frameworks required to ensure the security, data privacy, and integrity of the NYU enterprise application ecosystem in alignment with best practices and NYU’s Global Information Security Program.
  • Act as a primary partner to Institutional Solutions Group (ISG) application portfolio leads, ensuring that application ecosystems, controls, and processes are aligned with University policies, standards, and procedures.
  • Operationalize and oversee the implementation of application security and data privacy controls, identifying and assessing potential security and privacy risks across diverse technology stacks to ensure an integrated approach to risk management.
  • Develop and implement standardized playbooks, templates, and tools to improve application security and data privacy effectiveness.
  • Validate that required controls are effectively in place across all ISG application portfolios.
  • Aggregate risk data and provide comprehensive compliance reports and dashboards to executive leadership.

Requirements

  • Required Education: Bachelor's Degree in Computer Science, Business, or related major
  • Required Experience: 5+ years of progressive experience in information security, IT risk management, or IT compliance.
  • Direct experience with secure software development lifecycles (S-SDLC), application security frameworks, and technical vulnerability management (e.g., OWASP Top 10).
  • Proven history of conducting IT risk assessments, developing risk mitigation strategies, and overseeing compliance against institutional or federal standards.
  • Experience operationalizing data protection standards and interpreting privacy regulations such as GDPR, HIPAA, or FERPA in a technical environment.
  • Required Skills, Knowledge and Abilities: Deep understanding of application security risks (OWASP Top 10), secure software development lifecycles, secure application integration standards, and common vulnerabilities across modern (cloud-native, AI-integrated) and legacy application stacks.
  • Proficiency in modern identity and access management standards.
  • Experience establishing automated 'Joiner-Mover-Leaver' workflows and centralized access review processes.
  • Strong ability to interpret federal and state regulations (e.g., FERPA, HIPAA, GDPR) and translate them into actionable technical controls for application developers.
  • Demonstrated ability to act as a consultative partner to technical leads while effectively presenting risk-based data and dashboards to non-technical executive leadership.

Benefits

  • NYU aims to be among the greenest urban campuses in the country and carbon neutral by 2040.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
information security, IT risk management, IT compliance, secure software development lifecycles (S-SDLC), application security frameworks, technical vulnerability management, risk assessments, risk mitigation strategies, data protection standards, identity and access management
Soft Skills
consultative partner, presenting risk-based data, communication with executive leadership, interpretation of regulations, collaboration with technical leads