Senior Vice President, Strategic Cybersecurity and Data Privacy

EXL Services


The Vice President, Information Security and Data Privacy will play a critical role in conceptualizing strategy and driving our global information security and data privacy program. The role will report to the CISO and collaborate closely with cross-functional leaders in Legal, HR, and Marketing within EXL to ensure that our information security and data handling practices comply with relevant regulations, EXL’s clients’ expectations, and industry best practices.


Geo Leader – Information Security and Cyber Security

  • Influences and serves as an internal information security leadership advisor and subject matter expert to the organization on various information security initiatives
  • Represents the Office of the Chief Information Officer and Chief Information Security Officer and presents to executive leadership
  • Drives, implements, enforces, and maintains Information Security, Identity and Access Management, and Cyber GRC policies, procedures, metrics, and measurements
  • Influences and collaborates with ERM, TPRM, Technology, Legal, and HR teams as needed to ensure alignment of policies and procedures
  • Leads the Organization’s Security interface with Client Relations for client due diligence, information security questionnaires, and site visits
  • Directs and improves the cybersecurity related portions of the vendor management due diligence and assessment process
  • Provides leadership over Cyber GRC controls, audits, and SOC2 preparation
  • Appropriately assesses risk when business decisions are made, including but not limited to compliance and operational risk.

Leader – Data Privacy and Protection

  • Develops, implements, reviews, and manages data privacy and protection policies, procedures, and guidelines in alignment with applicable laws and regulations (e.g., GDPR, CCPA, HIPAA).
  • Monitors and assesses data processing activities to ensure compliance with privacy laws and contractual obligations, including data transfer mechanisms and third-party data sharing agreements.
  • Conducts regular data protection impact assessments (DPIAs) to identify and mitigate potential privacy risks associated with new or existing projects.
  • Collaborates with legal, Technology, and other functions to ensure that data privacy considerations are embedded in data processing activities, system design, and data handling procedures.
  • Responds to alleged violations of rules, regulations, policies, procedures, and Standards of Conduct by evaluating or recommending the initiation of investigative procedures.
  • Provides guidance with contract review in the areas of privacy compliance, privacy and security with emphasis on business associate agreements.
  • Provides guidance and training to employees on data protection regulations and best practices to enhance overall awareness and compliance.
  • Establishes and maintains records of data processing activities, including data inventories, data flows, and data retention schedules.
  • Monitors emerging trends and changes in data privacy regulations to ensure continuous alignment of policies and practices with evolving requirements.
  • Leads incident response efforts in the event of a data breach, including coordination with internal and external stakeholders, timely notification, and remediation.
  • Works with various management teams across the company to align the privacy team’s vision to meet the business requirements.
  • Develops a strategy with Business Units to promote EXL privacy program as a service.
  • Consults with internal legal representatives, as well as EXL Compliance Officer, as needed to address difficult legal compliance issues.
  • Interfaces with external auditors, regulatory agencies, and clients/customers.
  • Oversees all Business Associate Agreement privacy compliance and monitoring.
  • Oversees vendor privacy compliance including establishing onboarding and offboarding policies and procedures.
  • Completes all responsibilities as outlined on the annual Performance Plan.
  • Completes all special projects and other duties as assigned.


  • Bachelor’s degree required; Master’s degree and/or compliance-specific certifications preferred (CISSP, CIPP/E, CEH, etc.)
  • Minimum 15 years’ compliance and privacy experience, with increasing levels of responsibility and oversight as a technical professional.
  • Experience implementing and building a successful compliance and privacy program strongly desired.
  • The intellect and energy to excel in a complex and ever-changing environment.
  • Senior leader with proven experience in growth-oriented businesses in the healthcare information and analytics space with strong competencies in developing and leading privacy compliance programs.
  • Established leader who is results-oriented.
  • Requires the ability to synthesize and utilize data for problem diagnostics.