OneMain Financial Jobs

Job Information

New York University Associate Director, Application Risk and Compliance in NEW YORK, New York

Associate Director, Application Risk and Compliance

US-NY-New York
Job ID: 2026-15439
Type: NYU IT (WS1170)
# of Openings: 1
Category: Technology
New York University

Overview

The Associate Director, Application Risk & Compliance, provides strategic oversight and defines the validation and risk management frameworks required to ensure the security, data privacy, and integrity of the NYU enterprise application ecosystem in alignment with best practices and NYU's Global Information Security Program.

Act as a primary partner to Institutional Solutions Group (ISG) application portfolio leads, ensuring that application ecosystems, controls, and processes are aligned with University policies, standards, and procedures. Operationalize and oversee the implementation of application security and data privacy controls, identifying and assessing potential security and privacy risks across diverse technology stacks to ensure an integrated approach to risk management. Develop and implement standardized playbooks, templates, and tools to improve application security and data privacy effectiveness. Validate that required controls are effectively in place across all ISG application portfolios. Aggregate risk data and provide comprehensive compliance reports and dashboards to executive leadership. Serve as a consultant and partner to application portfolio leads, facilitating the delivery of secure foundations through proactive collaboration. Serve as a liaison between the Global Office of Information Security (GOIS) and application teams to facilitate the system certification process, ensuring all systems and applications consistently enforce institutional standards throughout their lifecycle.

Responsibilities

Required Education: Bachelor's Degree in Computer Science, Business, or related major

Preferred Education: Master's Degree in Computer Science, Business or related field

Required Experience: 5+ years of progressive experience in information security, IT risk management, or IT compliance. Direct experience with secure software development lifecycles (S-SDLC), application security frameworks, and technical vulnerability management (e.g., OWASP Top 10). Proven history of conducting IT risk assessments, developing risk mitigation strategies, and overseeing compliance against institutional or federal standards. Experience operationalizing data protection standards and interpreting privacy regulations such as GDPR, HIPAA, or FERPA in a technical environment.

Preferred Experience: Significant experience in higher education or in a large, distributed, and global organization. Experience serving as a primary security or compliance liaison for multiple diverse technical portfolios.

Required Skills, Knowledge and Abilities: Deep understanding of application security risks (OWASP Top 10), secure software development lifecycles, secure application integration standards, and common vulnerabilities across modern (cloud-native, AI-integrated) and legacy application stacks. Proficiency in modern identity and access management standards. Experience establishing automated 'Joiner-Mover-Leaver' workflows and centralized access review processes. Strong ability to interpret federal and state regulations (e.g., FERPA, HIPAA, GDPR) and translate them into actionable technical controls for application developers. Demonstrated ability to act as a consultative partner to technical leads while effectively presenting risk-based data and dashboards to non-technical executive leadership. Technical proficiency in leveraging CI/CD security integrations and automation tools to automate and simplify compliance for distributed teams. Proven ability to balance security requirements with business speed, using sound judgment to determine when to grant a waiver versus when to escalate a 'blocker' to leadership.
