EXL
Senior Assistant Vice President- Application & Cloud Security
EXL, Jersey City, New Jersey, United States, 07390
Join to apply for the
Senior Assistant Vice President- Application & Cloud Security
role at
EXL
1 week ago Be among the first 25 applicants
This range is provided by EXL. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range $125,000.00/yr - $155,000.00/yr
About EXL:
EXL (NASDAQ:EXLS) is a leading operations management and analytics company that helps businesses enhance growth and profitability in the face of relentless competition and continuous disruption. Using our proprietary, award‑winning methodologies, that integrate advanced analytics, data management, digital, BPO, consulting, industry best practices and technology platforms, we look deeper to help companies improve global operations, enhance data‑driven insights, increase customer satisfaction, and manage risk and compliance. EXL serves the insurance, healthcare, banking and financial services, utilities, travel, transportation and logistics industries. Headquartered in New York, New York, EXL has more than 60,000+ professionals in locations throughout the United States, Europe, Asia (primarily India and Philippines), Latin America, Australia and South Africa.
Senior AVP/ AVP - Application & Cloud Security
to lead our Product Security function across the full software and cloud technology stack. The role will own end‑to‑end vision, execution, and continuous improvement of application and cloud security capabilities across the firm. This leader will serve as a key partner to engineering, development, architecture, cloud, infrastructure, and product teams—helping embed security into every layer of our delivery model while reducing business friction and maintaining velocity. The role also supports our broader enterprise security architecture and governance efforts through direct participation in architectural reviews and security advisory forums.
Responsibilities
Define and execute the security strategy for application and cloud environments, aligned to business priorities, delivery timelines, and compliance requirements
Lead by example with a strong hands‑on presence in technology, tooling, and program execution
Proactively identify, assess, and track vulnerabilities, control gaps, and architectural risks across products and cloud platforms
Prioritize remediation efforts based on risk, business impact, and threat intelligence—partnering with engineering teams to drive resolution
Provide real‑time advisory to development teams during design, build, and release stages
Scale security guardrails and developer‑friendly tooling across hybrid and cloud‑native environments (AWS, containers, IaC, etc.)
Champion threat modeling, secure coding practices, and resilience‑by‑design at the feature level
Define and govern secure reference architectures and patterns for cloud adoption, microservices, and serverless environments
Collaborate with the Enterprise Architecture team and serve as a core member of the Security Architecture Review Board (SARB)
Deploy and optimize a modern security tooling stack including SAST, DAST, SCA, IaC scanning, CSPM, secrets detection, and runtime protection
Act as a key collaborator across product, engineering, infrastructure, and DevOps teams—reducing security friction and aligning controls with workflows
Build trust through enablement, education, and repeatable guidance frameworks
Lead, mentor, and grow a high‑performing team of AppSec and CloudSec professionals
Foster a culture of innovation, ownership, and technical excellence within the team
Define and report on KPIs/KRIs tied to application and cloud security posture, remediation progress, and control maturity
Support compliance, audit, and customer security assurance initiatives
Qualifications
10+ years in cybersecurity with a focus on application and/or cloud security
5+ years of team leadership, with proven experience building and scaling security engineering functions
Execution experience and capability in a fast‑paced environment
Demonstrated ability to balance strategic direction with hands‑on technical execution
Strong expertise in secure SDLC, threat modeling, DevSecOps, and cloud‑native architectures
Experience in securing modern technology stacks including Java, Python, microservices, container orchestration, and public cloud (preferably AWS)
Familiarity with key tooling: SAST, DAST, SCA, IaC scanning, secrets detection, CSPM, WAF, and API security platforms
Proficiency in cloud infrastructure security (IAM, networking, data protection, KMS, etc.)
Bachelor’s degree in computer science, Cybersecurity, or a related technical field; advanced degree or certifications (e.g., CISSP, CSSLP, CCSP, AWS Security Specialty) preferred
Bonus Points If You Have
Experience building or advising on AI/ML privacy practices, including model governance, training data management, or privacy risk mitigation in LLM pipelines.
Prior experience working in high‑sensitivity or regulated industries, such as security, healthcare, or fintech.
Contributions to open source, policy working groups, or public thought leadership on privacy engineering.
Strong expertise in secure SDLC, threat modeling, DevSecOps, and cloud‑native architectures.
Experience in securing modern technology stacks including Java, Python, microservices, container orchestration, and public cloud (preferably AWS).
Familiarity with key tooling: SAST, DAST, SCA, IaC scanning, secrets detection, CSPM, WAF, and API security platforms.
Proficiency in cloud infrastructure security (IAM, networking, data protection, KMS, etc.).
Research and evaluate emerging privacy technologies from academia and industry, contributing to open‑source tools and AI privacy standards.
Act as consultant and advocate for privacy best practices as central to our mission of Responsible AI.
Preferred Qualifications
Strong communicator with the ability to positively influence engineers, developers, architects, and business leaders alike
Thoughtful, pragmatic, and able to execute in a high‑velocity, agile environment
Deeply collaborative and experienced at embedding security into developer culture
Track record of reducing risk without slowing down innovation
Being articulate and precise to the internal stakeholders who are seeking counsel on what are the risks, why are they impactful, and options on how to resolve them
Broad knowledge across the Security domain, as well as demonstrated focus in AI security evaluations and in one (or more) areas of Cybersecurity such as Red Teaming, Purple Teaming, Vulnerability Research, and Exploitation
Master's degree or foreign degree equivalent in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or related field
Referrals increase your chances of interviewing at EXL by 2x
#J-18808-Ljbffr
Senior Assistant Vice President- Application & Cloud Security
role at
EXL
1 week ago Be among the first 25 applicants
This range is provided by EXL. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range $125,000.00/yr - $155,000.00/yr
About EXL:
EXL (NASDAQ:EXLS) is a leading operations management and analytics company that helps businesses enhance growth and profitability in the face of relentless competition and continuous disruption. Using our proprietary, award‑winning methodologies, that integrate advanced analytics, data management, digital, BPO, consulting, industry best practices and technology platforms, we look deeper to help companies improve global operations, enhance data‑driven insights, increase customer satisfaction, and manage risk and compliance. EXL serves the insurance, healthcare, banking and financial services, utilities, travel, transportation and logistics industries. Headquartered in New York, New York, EXL has more than 60,000+ professionals in locations throughout the United States, Europe, Asia (primarily India and Philippines), Latin America, Australia and South Africa.
Senior AVP/ AVP - Application & Cloud Security
to lead our Product Security function across the full software and cloud technology stack. The role will own end‑to‑end vision, execution, and continuous improvement of application and cloud security capabilities across the firm. This leader will serve as a key partner to engineering, development, architecture, cloud, infrastructure, and product teams—helping embed security into every layer of our delivery model while reducing business friction and maintaining velocity. The role also supports our broader enterprise security architecture and governance efforts through direct participation in architectural reviews and security advisory forums.
Responsibilities
Define and execute the security strategy for application and cloud environments, aligned to business priorities, delivery timelines, and compliance requirements
Lead by example with a strong hands‑on presence in technology, tooling, and program execution
Proactively identify, assess, and track vulnerabilities, control gaps, and architectural risks across products and cloud platforms
Prioritize remediation efforts based on risk, business impact, and threat intelligence—partnering with engineering teams to drive resolution
Provide real‑time advisory to development teams during design, build, and release stages
Scale security guardrails and developer‑friendly tooling across hybrid and cloud‑native environments (AWS, containers, IaC, etc.)
Champion threat modeling, secure coding practices, and resilience‑by‑design at the feature level
Define and govern secure reference architectures and patterns for cloud adoption, microservices, and serverless environments
Collaborate with the Enterprise Architecture team and serve as a core member of the Security Architecture Review Board (SARB)
Deploy and optimize a modern security tooling stack including SAST, DAST, SCA, IaC scanning, CSPM, secrets detection, and runtime protection
Act as a key collaborator across product, engineering, infrastructure, and DevOps teams—reducing security friction and aligning controls with workflows
Build trust through enablement, education, and repeatable guidance frameworks
Lead, mentor, and grow a high‑performing team of AppSec and CloudSec professionals
Foster a culture of innovation, ownership, and technical excellence within the team
Define and report on KPIs/KRIs tied to application and cloud security posture, remediation progress, and control maturity
Support compliance, audit, and customer security assurance initiatives
Qualifications
10+ years in cybersecurity with a focus on application and/or cloud security
5+ years of team leadership, with proven experience building and scaling security engineering functions
Execution experience and capability in a fast‑paced environment
Demonstrated ability to balance strategic direction with hands‑on technical execution
Strong expertise in secure SDLC, threat modeling, DevSecOps, and cloud‑native architectures
Experience in securing modern technology stacks including Java, Python, microservices, container orchestration, and public cloud (preferably AWS)
Familiarity with key tooling: SAST, DAST, SCA, IaC scanning, secrets detection, CSPM, WAF, and API security platforms
Proficiency in cloud infrastructure security (IAM, networking, data protection, KMS, etc.)
Bachelor’s degree in computer science, Cybersecurity, or a related technical field; advanced degree or certifications (e.g., CISSP, CSSLP, CCSP, AWS Security Specialty) preferred
Bonus Points If You Have
Experience building or advising on AI/ML privacy practices, including model governance, training data management, or privacy risk mitigation in LLM pipelines.
Prior experience working in high‑sensitivity or regulated industries, such as security, healthcare, or fintech.
Contributions to open source, policy working groups, or public thought leadership on privacy engineering.
Strong expertise in secure SDLC, threat modeling, DevSecOps, and cloud‑native architectures.
Experience in securing modern technology stacks including Java, Python, microservices, container orchestration, and public cloud (preferably AWS).
Familiarity with key tooling: SAST, DAST, SCA, IaC scanning, secrets detection, CSPM, WAF, and API security platforms.
Proficiency in cloud infrastructure security (IAM, networking, data protection, KMS, etc.).
Research and evaluate emerging privacy technologies from academia and industry, contributing to open‑source tools and AI privacy standards.
Act as consultant and advocate for privacy best practices as central to our mission of Responsible AI.
Preferred Qualifications
Strong communicator with the ability to positively influence engineers, developers, architects, and business leaders alike
Thoughtful, pragmatic, and able to execute in a high‑velocity, agile environment
Deeply collaborative and experienced at embedding security into developer culture
Track record of reducing risk without slowing down innovation
Being articulate and precise to the internal stakeholders who are seeking counsel on what are the risks, why are they impactful, and options on how to resolve them
Broad knowledge across the Security domain, as well as demonstrated focus in AI security evaluations and in one (or more) areas of Cybersecurity such as Red Teaming, Purple Teaming, Vulnerability Research, and Exploitation
Master's degree or foreign degree equivalent in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or related field
Referrals increase your chances of interviewing at EXL by 2x
#J-18808-Ljbffr