Senior Assistant Vice President

Responsibilities

• Strategic Leadership:
• Develop and execute a comprehensive application security strategy that aligns with the organization’s business goals and technology landscape.
• Lead and mentor a global team of application security professionals, fostering a culture of excellence and continuous improvement.
• Collaboration and Integration:
• Collaborate with development, DevOps, and IT teams to integrate security practices into the software development lifecycle (SDLC) and DevOps processes.
• Knowledge of secure coding principles and practices to prevent vulnerabilities such as SQL injection, XSS, and CSRF.
• Experience with static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) tools.
• Work closely with product management and engineering teams to ensure security requirements are defined and implemented in new products and features.
• Establish and enable a high security baseline for all container environments across repositories, CI/CD pipelines and runtime analysis.
• Threat Management and Vulnerability Assessment:
• Oversee the identification and assessment of application security threats, vulnerabilities, and risks.
• Implement and manage vulnerability management programs, including regular security assessments, penetration testing, and code reviews.
• Regulatory Compliance and Reporting:
• Ensure compliance with relevant regulatory requirements and industry standards.
• Prepare and present regular reports on the status of application security programs, metrics, and incidents to executive leadership and the board of directors.
• Innovation and Continuous Improvement:
• Stay abreast of emerging security trends, threats, and technologies, and continuously evaluate and improve the organization’s application security posture.
• Foster a culture of innovation, encouraging the adoption of advanced security technologies and practices.
• Primary Internal Interactions:
• Works in a consultative fashion with cross-functions EXL teams (Cloud CCOE, Domain Platform, Legal, Global Technology, Compliance) and external partners, advising on Cloud Security opportunities in a collaborative to improve information security efficiency and effectiveness
• Primary External Interactions:
• Interaction with vendors/ OEMs during Design, Implementation and Troubleshooting and ongoing service management.
• Technical Skills:
• Deep knowledge of application security frameworks, standards, and best practices
• Proficiency in DevSecOps, secure coding practices, threat modeling, and security testing methodologies
• Strong understanding of cloud platforms (AWS, Azure, GCP) and their security features.
• Cloud security administration
• Cloud security architecture
• Cloud network engineering
• Cloud engineering
• Cloud governance
• Container security or engineering
• Offensive Security
• Vulnerability Management
• Minimum security Baseline
• Secure Configuration Audit
• Application Security
• Breach Attack Simulation
• Security Architecture
• Threat Modelling
• Architecture Review
• Soft Skills:
• Cloud security administration
• Ability to handle senior management escalation - Vendor management Skills
• Effective communication
• Proficient team leader
• Business Acumen
• Decision making and communication
• Risk management skills
• Knowledge of latest cybersecurity trends & global industry best practices pertaining to financial Industry
• Operational experience in a Global-multi Industry-Regulated-Growth business environment
• Knowledge of Advanced Cyber Security Capabilities in the Industry
• Cyber Risk Management mindset
• Self-Started & Sense of Purpose