Director, Application Security; Cybersecurity Defense

Position: Director, Application Security (Cybersecurity Defense)
## Director, Application Security (Cybersecurity Defense)
Apply locations:
US-Nationwide-FIELDtime type:
Full time posted on:
Posted Todayjob requisition :

*** What Cybersecurity Defense contributes to Cardinal Health
*** Cybersecurity Defense focuses heavily on threat detection, incident response, and implementing security measures to protect our digital assets and infrastructure at Cardinal Health. The
* Director, Application Security
* is responsible for establishing, leading, and evolving the enterprise application security strategy to embed security into the software development lifecycle (SDLC) and reduce application-layer risk across the business segments. This leader ensures that applications and APIs are designed, developed, and deployed in alignment with security policies & standards, regulatory requirements, and risk management objectives. This Director oversees segment-aligned application security capabilities across Pharma, Medical, and Commercial Technology environments, enabling consistent governance, scalable processes, and effective risk mitigation across diverse application portfolios.
** Location** - Open to candidates nationwide working in a fully remote capacity, with preference towards those based local to Central Ohio (willingness to travel into our Corporate HQ in Dublin, OH during certain period of the year is a plus)
** Responsibilities
* ** Lead the enterprise application security strategy aligned with cybersecurity, risk management, and business objectives.
* Establish governance frameworks to embed security into the software development lifecycle (SDLC) across all application domains.
* Collaborate with enterprise architecture, engineering, and product teams to align application security with technology strategies and transformation initiatives.
* Serve as an advisor to executive and business leadership on application security risks, priorities, and investment decisions.
* Drive a secure-by-design culture across development and engineering teams.
* Oversee application security capabilities across Pharma, Medical, and Commercial Technology segments, ensuring consistent implementation of security practices.
* Define segment-specific requirements and approaches to address unique regulatory, operational, and risk considerations.
* Ensure alignment of application security practices across segments while enabling flexibility to support business-specific needs.
* Drive standardization of processes, tooling, and reporting across segment application security teams.
* Oversee enterprise application security testing programs, including SAST, DAST, SCA, and IAST across all application environments.
* Ensure vulnerabilities are identified, assessed, prioritized, and remediated during the development lifecycle prior to deployment.
* Establish secure coding standards and integrate security controls into CI/CD pipelines and development workflows.
* Collaborate with development teams to reduce application security technical debt and improve code quality.
* Oversee implementation of runtime security controls for applications and APIs, including WAF, API gateways, and runtime monitoring solutions.
* Ensure security requirements are embedded into application and API design, deployment, and operational processes.
* Collaborate with engineering and infrastructure teams to enforce runtime protections aligned with enterprise architecture.
* Monitor runtime risks and coordinate mitigation efforts across application environments.
* Lead development and integration of application security tooling, including configuration, onboarding, and operational management.
* Define use cases, policies, and detection logic for application security tools to ensure effective coverage and scalability.
* Drive integration of application security tools into CI/CD pipelines and Dev Sec Ops  workflows.
* Ensure application security tooling aligns with enterprise security architecture and standards.
* Collaborate with Security Architecture teams to define secure design patterns, reference architectures, and application security standards.
* Ensure application security requirements are incorporated into solution design and architecture reviews.
* Partner with engineering teams to implement secure development lifecycle (SDLC) practices and controls.
* Support evaluation of new technologies and architectures to ensure alignment with security requirements.
* Ensure application security practices align with regulatory requirements, compliance standards, and enterprise risk management frameworks.
* Provide application security oversight for audits, regulatory assessments, and compliance reporting.
* Collaborate with risk and compliance teams to translate application security risks into enterprise risk insights.
* Support remediation of identified risks and ensure alignment with risk tolerance and governance processes.
* Define and track KPIs and KRIs related to application security posture, vulnerability management, and SDLC integration.
* Provide regular reporting to…