AVP-Cyber-Healthcare security
EXL.com
Office
Jersey City, New Jersey, United States
Full Time
The AVP – Cybersecurity is responsible for overseeing cybersecurity operations and strategy within the EXL Health and Life Sciences business units. This role ensures the Confidentiality, Integrity, and Availability of information assets, particularly sensitive data (PHI). This role also involves ensuring that standards and security policies are implemented and maintained, and managing technical implementation projects.
The role's responsibilities include managing application security, infrastructure security, SOC operations, incident response, and third-party risk management. With 10+ years in information security and at least 5 years in progressive leadership roles, you bring the proven ability to build resilient security programs, lead high-performing teams, and serve as a trusted advisor. Your background in regulated environments, including HIPAA/HITECH, combined with recognized security certifications, sets you apart. If you're ready to drive security in healthcare technology.
Major Deliverables:
- Conduct enterprise risk assessments and develop mitigation strategies.
- Ensure compliance with federal, state, and industry regulations governing PII, PHI, and other sensitive data.
- Coordinate security audits, vendor risk assessments, and penetration testing.
- Integrate security into business processes, product development, and IT operations, including DevSecOps practices.
- Overseeing all aspects of information security, including application security, infrastructure security and third-party risk management
- Serve as the primary escalation point for security events, coordinating containment, investigation, and post-incident reviews.
- Serving as a trusted advisor to executive leadership on security posture, risk, and enterprise resilience
- Defining and executing the company’s security strategy aligned with business objectives — building a proactive security posture that protects systems, data, and customers
- Leading major incident response efforts, from technical containment to executive and board-level communications
- Partnering with IT, DevOps, and business units to embed security into technology, systems, and business processes
- Managing SOC operations, threat detection, and secure design of systems, applications, and cloud environments (AWS, Azure)
- Ensuring adherence to leading security and compliance frameworks, including HIPAA, HITECH, FedRAMP, SOC 2, ISO 27001, and PCI DSS
- Supporting compliance teams by providing technical security expertise during audits and assessments
- Provide technical consultation and training to IT and business teams on secure design and operational practices.
- Foster a culture of security awareness through focused training programs.
Minimum Requirements:
- Minimum of 10 years of experience in cybersecurity, with deep expertise in healthcare regulations such as HIPAA, HITECH, and HITRUST
- Equivalent experience or a degree in cybersecurity, information systems, or a related field. Advanced certifications (e.g., CISSP, CISM) or degrees are highly desirable
- Proven success in shaping and executing security strategies and initiatives that improve patient data protection, regulatory alignment, and secure care delivery
- Strong executive communication and facilitation skills, with experience leading workshops, building consensus, and influencing senior stakeholders
- Demonstrated ability to lead cross-functional engagements, drive alignment, and proactively contribute to strategic opportunities
- Familiarity with Generative AI (e.g., Copilot, Gemini) and its implications for security, governance, and risk management
- Experience with agile methodologies, design thinking, and collaborative solution development
- Ability to conduct market research and translate insights into actionable security strategies and content
- Strong collaboration, influencing, and negotiation skills, with a relentless focus on customer success
- Enjoyment from working in a fast-paced, dynamic environment where initiative and assertiveness are key
- Passion for mentoring, sharing knowledge, and contributing to a culture of continuous learning
- Research and evaluate emerging privacy technologies from academia and industry, contributing to open-source tools and AI privacy standards
- Act as consultant and advocate for privacy best practices as central to our mission of Responsible AI
Preferred Qualifications:
- Strong communicator with the ability to positively influence engineers, developers, architects, and business leaders alike
- Thoughtful, pragmatic, and able to execute in a high-velocity, agile environment
- Deeply collaborative and experienced at embedding security into developer culture
- Track record of reducing risk without slowing down innovation
- Articulate and precise with internal stakeholders who are seeking counsel on what the risks are, why they are impactful, and what the options are for resolving them
- Broad knowledge across the Security domain, as well as demonstrated focus in AI security evaluations and in one (or more) areas of Cybersecurity such as Red Teaming, Purple Teaming, Vulnerability Research, and Exploitation
- Master's degree (or foreign degree equivalent) in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or related field
September 29, 2025