Director of Application Security

HCLSW seeks a Director, Head of Product & Application Security. The successful candidate will lead the end to end Product Security portfolio within HCL Software. Maintains and strengthens the risk posture across the organization through discovery and remediation of product security vulnerabilities and supply chain security. Establishes and communicates strategic vision for the programs, and ensures they align with development goals and opportunities. Leads a dynamic group of Application Security professionals worldwide, with expectations to expand team over time.This individual is also expected to contribute to additional tasks in a cross-functional security team, especially assisting the Threat Management team; network and operating system vulnerability management; continuous monitoring and reporting; security incident handling, and participation in vendor and third-party application security reviews.Key Responsibilities:Develop and execute secure software development strategy in the form of Secure SDLC for the enterprise, including policies, standards and governanceAdvance and execute a software supply chain security development strategy to include Identify security risk and vulnerabilities across client's supply chain partners as well and track implementation of corrective action plans by supply chain partnersIdentify and manage risks involved with use the of AI within products and within the development of productsManage Product Risk management and risk profilingLead the updating of the Secure Engineering Framework.Manage the Vulnerability and Penetration Testing TeamManage relationships with multiple 3rd party penetration testing vendorsOversee the security portion of release managementManage Product Security incident response program and teamMake data-based decisions and considers measurable metrics as part of the initiativeConsult with Development, Operations and Product groups on technical security issues.Closely partner with PISOs, Development Leads to integrate security tool automation such as SAST, DAST, Container Analysis and other security toolsDirectly engage development leaders to understand their challenges, roll-up sleeves when needed and understand/address their issues at a technical levelLead Comprehensive Penetration Testing Activities, to include both staff and vendor relationshipsManage Delivery of Developer Security TrainingKey Skills:Proven ability to define strategic visons and lead team through execution.Strong understanding of AI, LLMs and other AI technologyStrong planning, organizational, and leadership skills, including the ability to motivate teams, set strategic vision and approach, and resolve conflict.Proven ability to learn, evaluate, and adapt to new technologies and tools.SecDevOps, or DevSecOps, process framework experience.Ability to build a strong network, both inside and outside the organization.Excellent written and verbal communication skills, and ability to present ideas to all organizational levels.Ability to work in a dynamic environment, managing multiple initiatives and commitments simultaneously with tight deadlines and changing priorities.Flexibility to contribute as needed, even in areas not tightly mapped to stated responsibilities.Mandatory QualificationsExperienced people manager with 5-10+ years’ combined experience in application development, application security, vulnerability management, and/or network security.Strong working knowledge of secure coding principles, practices, and frameworks such as OWASP Top Ten and SANS 20 Critical Security Controls.Hands-on experience with application security and vulnerability management tools.Working knowledge of comprehensive information security principles and practices.Bachelor of Science in Computer Science or related field required. Master of Science in Information Security or related field preferred.Desirable CertificationsCISSP, CSSLP, CISM, CISA, CEH, GPEN, GWAPT, Hyperscaler certifications