Director, Application Security Architecture

Glocomms are partnered with a global-leading wealth management firm recognized for its innovation, integrity, and client-centric approach. With a presence in major financial markets and a commitment to responsible investing and financial security, the firm helps individuals and institutions build and manage their wealth over generations. The role is in Tampa FL, Southfield MI, Denver CO, Memphis TN, or remote with frequent travel to Tampa FL.

Position Summary

We are seeking an experienced and strategic Director of Enterprise Application Security Architecture to lead and evolve the organization's application security architecture capabilities. This role will oversee a high-performing team of Enterprise Application Security Architects and play a critical role in shaping the secure design and implementation of enterprise applications, services, and systems across the firm.

The ideal candidate will have deep technical expertise, proven leadership skills, and a forward-thinking mindset to proactively reduce technical debt, drive secure software development practices, and ensure alignment with industry standards, regulatory requirements, and enterprise policies. A strong grasp of Zero Trust Architecture (ZTA) principles is essential, as the organization continues to evolve toward a "never trust, always verify" model across its digital ecosystem.

Key Responsibilities

• Provide leadership, coaching, and strategic direction to a team of five Enterprise Application Security Architects, fostering the design of secure solutions, facilitating code reviews, and ensuring architectural alignment across initiatives.
• Drive conformance to enterprise architecture standards and security best practices, while proactively reducing technical debt within application development efforts.
• Lead the execution of secure design assessments and threat modeling activities for new projects, major features, and architectural shifts across the organization.
• Design, maintain, and evangelize secure reference architectures that reflect the firm's evolving technology stack and strategic business objectives.
• Spearhead the integration and operationalization of Zero Trust Architecture across application, data, and infrastructure layers-ensuring identity verification, access control, and least-privilege principles are consistently applied.
• Collaborate with software engineering, infrastructure, DevOps, and compliance teams to embed security seamlessly into the software development lifecycle (SDLC) and infrastructure provisioning processes.
• Deliver expert guidance on key areas such as encryption, identity and access management (IAM), secure communication protocols, and secure software design principles.
• Partner with cross-functional stakeholders to define and implement Zero Trust-aligned strategies, including identity-centric access controls, micro-segmentation, and adaptive authentication.
• Monitor emerging threats, evolving attack vectors, and security technology trends to assess potential impact and applicability to the firm's security posture.
• Ensure enterprise security architecture practices align with regulatory frameworks and internal compliance requirements.
• Act as a subject matter expert for security architecture in enterprise programs, driving secure adoption of systems, services, and data assets within transformation and modernization initiatives.
• Cultivate strong, collaborative relationships with senior IT, security, and business executives to advocate for secure design principles and influence enterprise technology decisions.
• Define and track key performance indicators (KPIs) and metrics to measure the impact and maturity of application security architecture practices, supporting continuous improvement efforts.

Required Qualifications

• Bachelor's or Master's degree in Computer Science, Information Security, Engineering, or a related discipline.
• 10+ years of experience in Information Security and/or Enterprise Architecture, with at least 5 years in a leadership capacity.
• Deep expertise in application security principles, SDLC integration, secure coding practices, and DevSecOps.
• Demonstrated experience implementing or maturing Zero Trust Architecture models in large-scale enterprise environments.
• Proven experience with secure architecture frameworks, threat modeling methodologies (e.g., STRIDE, PASTA), and security tools (e.g., SAST, DAST, IAST).
• Knowledge of cloud-native architectures and securing applications in public cloud platforms (AWS, Azure, GCP).
• Familiarity with financial services industry regulations and standards (e.g., FFIEC, ISO 27001, NIST, OWASP, PCI DSS).
• Strong communication, collaboration, and executive presentation skills.
• Relevant certifications (e.g., CISSP, CSSLP, SABSA, TOGAF, AWS/Azure Security Specialty) are a plus.

Preferred Attributes

• Strategic thinker with a strong technical foundation and the ability to translate complex security topics into business-aligned outcomes.
• Experience leading secure architecture in a highly regulated, global enterprise.
• Proven ability to influence cultural and technical adoption of Zero Trust models, including continuous verification, identity-driven segmentation, and just-in-time access.
• Comfortable navigating ambiguity, influencing change, and advocating for security in fast-paced development environments.