Assistant Vice President Cybersecurity (Healthcare & Life Sciences)
EXL
Job Description
Overview
About EXL: EXL (NASDAQ:EXLS) is a leading operations management and analytics company that helps businesses enhance growth and profitability in the face of relentless competition and continuous disruption. Using our proprietary, award-winning methodologies that integrate advanced analytics, data management, digital, BPO, consulting, industry best practices and technology platforms, we help companies improve global operations, enhance data-driven insights, increase customer satisfaction, and manage risk and compliance. EXL serves the insurance, healthcare, banking and financial services, utilities, travel, transportation and logistics industries.
Headquartered in New York, New York, EXL has more than 60,000 professionals in locations throughout the United States, Europe, Asia (primarily India and the Philippines), Latin America, Australia and South Africa.
The AVP – Cybersecurity is responsible for overseeing cybersecurity operations and strategy within the EXL Health and Life Sciences business units. This role ensures the Confidentiality, Integrity, and Availability of information assets, particularly sensitive data (PHI). This role also involves implementing and maintaining standards and security policies and managing technical implementation projects.
Responsibilities
- Conduct enterprise risk assessments and develop mitigation strategies
- Ensure compliance with federal, state, and industry regulations governing PII, PHI, and other sensitive data
- Coordinate security audits, vendor risk assessments, and penetration testing
- Integrate security into business processes, product development, and IT operations, including DevSecOps practices
- Overseeing all aspects of information security, including application security, infrastructure security and third-party risk management
- Serve as the primary escalation point for security events, coordinating containment, investigation, and post-incident reviews
- Serving as a trusted advisor to executive leadership on security posture, risk, and enterprise resilience
- Defining and executing the company’s security strategy aligned with business objectives — building a proactive security posture that protects systems, data, and customers
- Leading major incident response efforts, from technical containment to executive and board-level communication
- Partnering with IT, DevOps, and business units to embed security into technology, systems, and business processes
- Managing SOC operations, threat detection, and secure design of systems, applications, and cloud environments (AWS, Azure)
- Ensuring adherence to leading security and compliance frameworks, including HIPAA, HITECH, FedRAMP, SOC 2, ISO 27001, and PCI DSS
- Supporting compliance teams by providing technical security expertise during audits and assessments
- Provide technical consultation and training to IT and business teams on secure design and operational practices
- Foster a culture of security awareness through focused training programs
- Minimum of 10 years of experience in cybersecurity, with deep expertise in healthcare regulations such as HIPAA, HITECH, and HITRUST
- Equivalent experience or a degree in cybersecurity, information systems, or a related field. Advanced certifications (e.g., CISSP, CISM) or degrees are highly desirable
- Proven success in shaping and executing security strategies and initiatives that improve patient data protection, regulatory alignment, and secure care delivery
- Strong executive communication and facilitation skills, with experience leading workshops, building consensus, and influencing senior stakeholders
- Demonstrated ability to lead cross-functional engagements, drive alignment, and proactively contribute to strategic opportunities
- Familiarity with Generative AI (e.g., Copilot, Gemini) and its implications for security, governance, and risk management
- Experience with agile methodologies, design thinking, and collaborative solution development
- Ability to conduct market research and translate insights into actionable security strategies and content
- Strong collaboration, influencing, and negotiation skills, with a relentless focus on customer success
- Enjoyment from working in a fast-paced, dynamic environment where initiative and assertiveness are key
- Passion for mentoring, sharing knowledge, and contributing to a culture of continuous learning
- Research and evaluate emerging privacy technologies from academia and industry, contributing to open-source tools and AI privacy standards
- Act as consultant and advocate for privacy best practices as central to our mission of Responsible A
Preferred Qualifications
- Strong communicator with the ability to positively influence engineers, developers, architects, and business leaders alike
- Thoughtful, pragmatic, and able to execute in a high-velocity, agile environment
- Deeply collaborative and experienced at embedding security into developer culture
- Track record of reducing risk without slowing down innovation
- Articulate and precise with internal stakeholders who are seeking counsel on what the risks are, why they are impactful, and the options for resolving them
- Broad knowledge across the Security domain, as well as demonstrated focus in AI security evaluations and in one (or more) areas of Cybersecurity such as Red Teaming, Purple Teaming, Vulnerability Research, and Exploitation
- Master's degree (or foreign degree equivalent) in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or related field
Salary & Benefits
Salary Range: 125K-160
For more information on benefits and what we offer please visit us at https://www.exlservice.com/us-careers-and-benefit