Application Catalog & Portfolio Manager

The Application Portfolio Manager is a hands-on working manager responsible for the governance, accuracy, and lifecycle management of the enterprise Application Catalog and other related CIs. This role oversees internally developed applications, company-managed or hosted COTS solutions, third-party/SaaS applications, as well as intersection of these applications with desktop or endpoint software. The manager is accountable for application inventory accuracy, ownership accountability, lifecycle visibility, and compliance by leveraging ServiceNow and IT Asset Management (ITAM) best practices. The manager is also expected to understand the evolving regulatory environment governing the use and deployment of applications, especially the use of generative AI technologies in applications.

This role combines strategic oversight with day-to-day execution, including direct configuration and administration within ServiceNow, coordination with application owners and vendors, lifecycle governance, and management of a small application portfolio team within the IT Governance and Compliance Department.

• Own and maintain the enterprise Application Catalog (and other related CIs) across internal developed, COTS, and SaaS applications.
• Define and enforce standards for application (and other related CIs) metadata, ownership, lifecycle state, and classification.
• Govern application lifecycle stages (intake, active, retention, decommission and archive process).
• Enable governance structure that allows the Application Catalog to serve multiple departments and resource needs including those from Compliance, Information Security, Risk Management, Legal (not limiting to ITAM use cases).
• Participate in monitoring the regulatory environment that our applications are used in.
• Design and enable processes so that the Application Catalog (and other related CIs) can be managed and improved in an agile manner.
• Work with purchasing, vendor management, and third-party risk management to assess and mature new and existing software vendor and partner relationships.
• Develop dashboards, reports and KPIs for leadership.
• Assess new application requests against existing catalog entries for awareness and synergy.
• Assess impact of new company policy or regulatory requirements against existing catalog entries for compliance.
• Drive application rationalization and elimination initiatives.

Application Lifecycle Management & Certification
• Design and manage periodic application (and other related CIs) certifications and other compliance assessments as needed.
• Validate ownership, business value, data classification, risk, and compliance.
• Automate certification workflows using ServiceNow.
• Track exceptions and remediation actions.

Decommissioning & Sunset Management
• Define and manage formal application decommissioning processes including compliance with data retention, archival, and secure disposal requirements.
• Initiate, manage and track retirement of application infrastructure, integrations, and access.
• Update ServiceNow and other related CI asset records.

Team Leadership & Collaboration
• Manage and mentor a small team.
• Act as a hands-on working manager.
• Collaborate with IT, Security, Compliance, business stakeholders, legal, procurement, and vendor risk teams.

Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or related field. Master’s degree preferred.

• Direct experience with ServiceNow including ServiceNow certifications (CSA, APM, ITAM)
• Experience with compliance and security frameworks and controls (SOX/SOC2, ITIL, NIST CSF, COBIT, ISO, CIS, etc.)
• Experience with financial services and/or alternate highly regulated environments
• Experience with the development or deployment/use of generative AI in applications.
• Experience with application rationalization
• SaaS and vendor management experience

• 5+ years in Application Portfolio Management or IT asset management.
• Hands-on Enterprise Service Management (ESM) and ITSM software experience (ServiceNow, etc.).
• Hands on experience with related ESM/ITSM tools and processes (CMDB, ITAM, APM).
• Experience with lifecycle management and decommissioning.
• Experience working across diverse teams, including IT, Security, Compliance and business stakeholders.
• Prior team leadership experience.