Director - Product and Application Security

HCLSW seeks a Director, Head of Product & Application Security. The successful candidate will lead the end to end Product Security portfolio within HCL Software. Maintains and strengthens the risk posture across the organization through discovery and remediation of product security vulnerabilities and supply chain security. Establishes and communicates strategic vision for the programs, and ensures they align with development goals and opportunities. Leads a dynamic group of Application Security professionals worldwide, with expectations to expand team over time.

This individual is also expected to contribute to additional tasks in a cross-functional security team, especially assisting the Threat Management team; network and operating system vulnerability management; continuous monitoring and reporting; security incident handling, and participation in vendor and third-party application security reviews.

Key Responsibilities:

• Develop and execute secure software development strategy in the form of Secure SDLC for the enterprise, including policies, standards and governance
• Advance and execute a software supply chain security development strategy to include Identify security risk and vulnerabilities across client's supply chain partners as well and track implementation of corrective action plans by supply chain partners
• Identify and manage risks involved with use the of AI within products and within the development of products
• Manage Product Risk management and risk profiling
• Lead the updating of the Secure Engineering Framework.
• Manage the Vulnerability and Penetration Testing Team
• Manage relationships with multiple 3rd party penetration testing vendors
• Oversee the security portion of release management
• Manage Product Security incident response program and team
• Make data-based decisions and considers measurable metrics as part of the initiative
• Consult with Development, Operations and Product groups on technical security issues.
• Closely partner with PISOs, Development Leads to integrate security tool automation such as SAST, DAST, Container Analysis and other security tools
• Directly engage development leaders to understand their challenges, roll-up sleeves when needed and understand/address their issues at a technical level
• Lead Comprehensive Penetration Testing Activities, to include both staff and vendor relationships
• Manage Delivery of Developer Security Training

Key Skills:

• Proven ability to define strategic visons and lead team through execution.
• Strong understanding of AI, LLMs and other AI technology
• Strong planning, organizational, and leadership skills, including the ability to motivate teams, set strategic vision and approach, and resolve conflict.
• Proven ability to learn, evaluate, and adapt to new technologies and tools.
• SecDevOps, or DevSecOps, process framework experience.
• Ability to build a strong network, both inside and outside the organization.
• Excellent written and verbal communication skills, and ability to present ideas to all organizational levels.
• Ability to work in a dynamic environment, managing multiple initiatives and commitments simultaneously with tight deadlines and changing priorities.
• Flexibility to contribute as needed, even in areas not tightly mapped to stated responsibilities.

Mandatory Qualifications

• Experienced people manager with years combined experience in application development, application security, vulnerability management, and/or network security.
• Strong working knowledge of secure coding principles, practices, and frameworks such as OWASP Top Ten and SANS 20 Critical Security Controls.
• Hands-on experience with application security and vulnerability management tools.
• Working knowledge of comprehensive information security principles and practices.
• Bachelor of Science in Computer Science or related field required. Master of Science in Information Security or related field preferred.

Desirable Certifications

• CISSP, CSSLP, CISM, CISA, CEH, GPEN, GWAPT, Hyperscaler certifications