Posted By

Ashu Gupta

Lead Assistant Manager at EXL Service

Last Login: 06 July 2021

1576

JOB VIEWS

57

APPLICATIONS

0

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

662156

EXL Service - Senior Assistant Vice President - Information/Cyber & Application Security

14 - 16 Years, Noida
Posted 5 years ago
Job Description :

Position Title, Responsibility Level : SAVP

Function : Global Technology (Information Security)

Reports to : Vice President - Information Security & Cyber Security

Permanent/ Temporary : Permanent

Span of Control : 8-10

Location : Noida

Basic Function :

Primarily responsible for leading and managing the enterprise threat / vulnerability / risk posture by establishing a strong framework and continual improvement for :

- Infrastructure Network Vulnerability Assessment and Penetration Testing

- Secure Application Development Framework and Security Assessments

- Designing a framework for Cyber Security Offensive testing, Cyber Drills, Red Teaming, Bug Bounty and Social Engineering simulations to test and drive improvement initiatives for cyber readiness

- Designing and Enhancing Enterprise Security Architecture

Essential Functions :

The role is responsible for ensuring continued and successful security assessments and operations in the following areas :

Infrastructure Security :

To lead a team responsible for :

- Managing Vulnerability Management System (Qualys, Nessus), Penetration Testing, and configuration reviews.

- To coordinate and facilitate information security audits (including process & technical audits - VA/PT), and work with technology teams on closure of the observations.

- To perform and manage enterprise-wide Risk Assessment. To coordinate with various functions for timely execution of Risk Assessment for the Technology function.

- To test and research new vulnerabilities

- To perform red team exercises and conduct ethical pen testing and cyber-attack simulations

- To contribute to ISO27001 and PCI DSS certification audits.

Application Security :

To lead a team responsible for :

- Maturity of Secure Development of Applications (SDLC process)

- Secure Software Requirements - capturing security requirements in the requirements gathering phase

- Secure Software Design - translating security requirements into application design elements

- Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation

- Secure Software Testing - integrated QA testing for security functionality and resiliency to attack

- Software Acceptance - security implications in the software acceptance phase

- Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software

Security Assessments and Architecture :

- Design Security Architecture standard for the organization

- To conduct security risk assessments for technology architecture and solutions, including cloud and

- Determine security requirements by evaluating business strategies and requirements

- Researching and enhancing organizational security architecture standards

- Ensuring Technology Solutions and Applications are supported by robust and resilient Security Architecture

Primary Internal Interactions :

- Technology Function (Network, Systems, Applications etc)

- Business Teams

Primary External Interactions :

- Clients

- Auditors (Big 4s)

- Security Suppliers

Organizational Relationships :

Reports To : Vice President - Information Security & Cyber Security


Supervises : In-house and Supplier Security Team

Skills :

Technical Skills :

- VAPT

- Ethical Hacking

- Malware Analysis

- Cyber Drills

- Exploit analysis and design

- Application Security

- Security Architecture

Process Specific Skills :

- ISO27001

- Risk Assessment

Soft skills (Desired) :

- Capable of managing project tasks individually and as a team

- Ability to document and explain technical details in a concise & understandable manner

- Good oral and written communication skills

- Good presentation & public speaking skills

Soft Skills (Minimum) : Same as above

Education Requirements : Graduation

One or more of the following certifications is desirable : CISSP / CEH / CHFI / ECSA / OSCP

Work Experience Requirements :

Total Experience : 14-18 years

- Hands-on experience working in Linux/Windows environments and with Metasploit framework, Nessus, Qualys, Malware Analysis, Vulnerability Assessment and Penetration Testing, IBM AppScan, HP WebInspect, Burp Suite, NetSparker etc.
