The Role:

The Application Security team in MetLife’s IT Risk & Security organization plays a critical role in ensuring the security of MetLife’s applications and protecting customer and MetLife data. The team works closely with global application development teams and leading application security vendors who provide SAST/DAST/SCA/WAF/RASP and ethical hacking services.

Application security is a top area of focus at MetLife and we are working to embed a ‘secure by design’ culture and associated practices in all development teams. We have adapted key practices recommended by industry standard software security maturity models to further enhance MetLife’s Application Security strategy. This is an exciting time to join the Application Security team as we are continuing to expand the team and invest in new capabilities.

The Director of Application Security Strategy & Governance will play an important role in implementing the strategic roadmap and in driving initiatives to improve governance and operational practices. This leader will also drive strategic engagement with application development teams, divisional CIO’s and be responsible for security assurance and compliance activities related to application security.

Key Responsibilities:

• Lead a team tasked with refining, managing and executing MetLife’s global strategic application security roadmap that is based on industry standard software security frameworks. Plan, implement and track key initiatives focused on strategy, metrics, compliance, policy, developer awareness, training and global stakeholder engagement.
• Lead the strategic improvement of how metrics are assembled and reported on the state of application security at MetLife. Create data driven actionable insights for application development teams to reduce risk. Use a risk-based approach to identify and track high risk applications with security vulnerabilities and track remediation activities
• Share a comprehensive view of current state of application security metrics across full application portfolio at MetLife with stakeholders across CIO organizations. Chair monthly global application security governance forums with CIO delegates on program updates, security metrics and emerging security topics
• Manage and maintain MetLife’s application security policies, standards and procedures to comply with customer and regulatory mandates (e.g. NYDFS, PCI, HIPAA etc.). Liaise with Vendor Management and Procurement teams to manage, track vendor compliance and obtain attestation of software security. Track policy exceptions and remediation dates through active engagement with development teams and operations teams
• Partner with Audit teams to periodically audit controls and secure coding practices being followed by development teams. Provide high impact presentations to ensure executive awareness of the AppSec program and associated metrics to CIO’s and senior leaders. Publish, maintain and curate security content, industry research articles, security directives, emerging threats, best practices, developer Q&A etc. along with a holistic security awareness and training strategy.