Senior Vice President, Information Security
BNY · State of Mahārāshtra, India - China
BNY · State of Mahārāshtra, India - China
We’re seeking a future team member for the role of Senior Vice President, Information Security to join our Cyber Security – Identity and Access Management team. This role is located in Pune. In this role, you’ll make an impact in the following ways: - Executive title with hands-on technical leadership. You will architect, code, and lead delivery of enterprise-scale IAM platforms and services. Own end-to-end solutions across authentication, authorization, identity lifecycle, and security posture. Partner with senior stakeholders to align technology strategy with business outcomes while mentoring engineers and driving best-in-class engineering practices. - Lead full-stack delivery of secure, resilient IAM capabilities (authentication, authorization, identity lifecycle) across enterprise applications. - Set technical direction for Java/Spring-based services and web apps; enforce standards for reliability, performance, and security. - Raise the bar on security (MFA, OAuth2/OIDC, LDAP/AD integrations, API security, authorization models) and operational excellence. - Reduce incidents via robust observability, disciplined incident/problem management, and root-cause remediation. - Accelerate delivery through Git-based CI/CD, automated testing, and repeatable release processes. - Mentor and grow engineering talent, foster ownership, clarity, and continuous improvement. - Communicate architecture and trade-offs to senior leadership; align investments to measurable outcomes. To be successful in this role, we’re seeking the following: - Education/Experience: Bachelor’s in computer engineering (or equivalent); 15+ years in enterprise software; 5+ years leading teams/serving as tech lead. - Architecture & Design: Proven ability to design scalable, secure, highly available systems; clear documentation; lead design reviews and decision-making. - Engineering Stack: Java/J2EE, Spring (Boot/Core), Spring Security; Angular/TypeScript for front end with migration from legacy JSP to modern Angular; strong REST API design, versioning, testing, and governance; integration with enterprise identity providers. - Identity & Access: LDAP, SiteMinder, Active Directory; authentication/authorization models; MFA design and implementation; SSO and federation fundamentals. - Security: Web app security, API security, OAuth2/OpenID Connect, token flows, secure session management, threat modeling, and secure coding practices. - Data & Persistence: Oracle (or similar DBMS); schema design, SQL optimization, transaction integrity, and performance tuning. - DevOps & Delivery: Git-based CI/CD pipelines, automated testing, environment promotion, release readiness, secrets/config management. - Reliability & Operations: Troubleshooting, incident/problem management, root-cause analysis; application debugging; performance profiling and optimization; observability (logging, metrics, tracing) and auditability. - Leadership & Communication: Hands-on ownership, stakeholder management, clear communication of architecture/trade-offs to senior leadership; ability to mentor and coach engineers; strong interpersonal skills. - Experience with enterprise web app security reviews and threat modeling. - Familiarity with authorization frameworks (RBAC/ABAC) and policy-as-code. - Exposure to SSO, identity federation, and integrating with enterprise IdPs. - 50–70% individual contribution (design, coding, reviews); remainder spent on technical leadership and stakeholder alignment. - Own critical decisions, operational readiness, and measurable reliability/security outcomes.