Job Description
Provide strategic direction and leadership for the enterprise application security program, partnering with development teams across the organization to embed security throughout the software development lifecycle and lead the march to shift security further left within AbbVie. Drive maturation of existing application security capabilities while building and scaling new functions including product security, DevSecOps, API security, software supply chain security, and developer training. Lead multiple security teams to deliver a comprehensive application security program that enables secure, rapid development through automation, developer enablement, and security integration.
This position can be remote anywhere in the U.S.
Key Responsibilities:
Accountability and ownership of the Application Security program, including strategy, execution, and ongoing operations.
Build and maintain relationships with business and business-focused IT partners to gain support for, and drive the success of, application security programs and processes.
Build, develop, and execute on scalable and secure practices for the AbbVie App Sec program.
Oversee application security capabilities, following a “shift left” methodology to best integrate security throughout all phases of the SDLC.
Influence roadmaps and decisions of partner teams to promote application security.
Develop an application security framework, encompassing all aspects of application security, including vulnerability management, threat modeling, data protection, security logging/monitoring, secrets management, software supply chain security, DevSecOps integration, secure code training, security review & testing, and compliance.
Lead and develop multiple application security teams focusing on:
Development standards & SDLC integration
DevSecOps Program
Application Security / DevSecOps operations & engineering
Product security
Software supply chain and secrets management
API & container security
Build and scale developer-focused security programs including:
Developer certification and training programs
Secure code bootcamps
AppSec champions programs
Self-service security tooling
Design and implement custom security tooling to ensure development teams have the best possible customer experience when interacting with Application Security.