Posted: 5 days ago
On-site
Full Time
We are looking for a forward-thinking and skilled Application Security Leader to strengthen and drive our Application Security practice, with a focus on DevSecOps and cloud-native applications in EXL, a $2B Nasdaq-listed global cloud-native organization. This role demands a visionary leader with extensive experience in securing complex, multi-cloud and AI-based solutions/applications. This role is crucial as we enhance our digital business capabilities, especially in the context of handling sensitive Health and Insurance data.

The ideal candidate will have a proven track record of developing and implementing robust application security programs, ensuring the protection of critical business applications and data, and leading a high-performing team of security professionals. Collaborate with senior management and department leaders to identify opportunities to improve EXL’s cloud security posture and establish a roadmap to mature the application security program.

Essential Functions

Strategic Leadership:
Develop and execute a comprehensive application security strategy that aligns with the organization’s business goals and technology landscape.
Lead and mentor a global team of application security professionals, fostering a culture of excellence and continuous improvement.

Collaboration and Integration:
Collaborate with development, DevOps, and IT teams to integrate security practices into the software development lifecycle (SDLC) and DevOps processes.
Knowledge of secure coding principles and practices to prevent vulnerabilities such as SQL injection, XSS, and CSRF.
Experience with static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) tools.
Work closely with product management and engineering teams to ensure security requirements are defined and implemented in new products and features.
Establish and enable a high security baseline for all container environments across repositories, CI/CD pipelines and runtime analysis.

Threat Management and Vulnerability Assessment:
Oversee the identification and assessment of application security threats, vulnerabilities, and risks.
Implement and manage vulnerability management programs, including regular security assessments, penetration testing, and code reviews.

Regulatory Compliance and Reporting:
Ensure compliance with relevant regulatory requirements and industry standards.
Prepare and present regular reports on the status of application security programs, metrics, and incidents to executive leadership and the board of directors.

Innovation and Continuous Improvement:
Stay abreast of emerging security trends, threats, and technologies, and continuously evaluate and improve the organization’s application security posture.
Foster a culture of innovation, encouraging the adoption of advanced security technologies and practices.

Technical Skills

Deep knowledge of application security frameworks, standards, and best practices.
Proficiency in secure coding practices, threat modeling, and security testing methodologies.
Strong understanding of cloud platforms (AWS, Azure, GCP) and their security features.
Cloud security administration
Cloud security architecture
Cloud network engineering
Cloud engineering
Cloud governance
Container security or engineering
Offensive Security
Vulnerability Management
Minimum Security Baseline
Secure Configuration Audit
Application Security
Breach Attack Simulation
Security Architecture
Threat Modelling
Architecture Review
Business Impact Analysis

Process Specific Skills:
Working, real-world knowledge of operationalizing cloud-native security tools at scale (AWS GuardDuty, AWS WAF, GCP Security Center)

Soft Skills (Minimum)

Ability to handle senior management escalation
Vendor management skills
Effective communication
Proficient team leader
Business acumen
Decision making and communication
Risk management skills
Knowledge of latest cybersecurity trends & global industry best practices pertaining to the financial industry

Soft Skills (Desired)

Operational experience in a Global-multi-Industry-Regulated-Growth business environment
Knowledge of advanced cyber security capabilities in the industry
Cyber risk management mindset
Self-starter & sense of purpose

Primary Internal Interactions:
Works in a consultative fashion with cross-functional EXL teams (Cloud CCOE, Domain Platform, Legal, Global Technology, Compliance) and external partners, advising on Cloud Security opportunities in a collaborative manner to improve information security efficiency and effectiveness.

Primary External Interactions:
Interaction with vendors/OEMs during design, implementation and troubleshooting, and ongoing service management.

Work Experience Requirements

Should have a minimum of 12 years of overall cyber security experience, preferably with wide exposure to various security domains such as Architecture, Application Security, Compliance, Security Operations etc.
5+ years of industry experience in Cloud Security Architecture with strong demonstrable knowledge of Cloud Security related to Multi-Cloud environments: Containerization, Cloud Security Architecture, Cloud Identity Management, encryption, Key Management, S-SDLC, DevSecOps, etc.