Senior Manager – Application Security & Risk Assessment

Job Title

Senior Manager Application Security & Risk Assessment

Location

Bangalore, India

Experience

6+ years (preferably 8+ years for Senior Manager readiness)

Role Overview

We are seeking an experienced Senior Manager Application Security & Risk Assessment to lead application security initiatives with a strong focus on dynamic risk assessment methodologies . The role requires deep expertise in secure application design, threat modeling, vulnerability management, and risk-based decision-making , along with strong stakeholder management capabilities.

The incumbent will be responsible for embedding security across the application lifecycle, conducting advanced application risk assessments, and aligning security controls with business risk appetite.

Key Responsibilities

Application Security Leadership

• Lead and oversee application security programs across web, mobile, cloud-native, and API-based applications.
• Define and implement secure SDLC (SSDLC) practices including security requirements, design reviews, code reviews, and testing.
• Drive application security strategy aligned with enterprise risk management and regulatory requirements.

Risk Assessment & Dynamic Risk Methodology

• Design and execute dynamic, risk-based application security assessments considering threat context, business criticality, exploitability, and impact.
• Perform and review application risk assessments , threat modeling (STRIDE, attack trees), and risk scoring frameworks (CVSS with business context).
• Translate technical findings into risk-focused insights for senior leadership and business stakeholders.

Security Testing & Vulnerability Management

• Oversee SAST, DAST, IAST, SCA , and penetration testing programs.
• Review and validate findings from VAPT, bug bounty, and red team exercises.
• Drive remediation prioritization based on risk severity and business exposure , not just vulnerability scores.

Governance, Compliance & Stakeholder Management

• Ensure application security controls align with ISO 27001, NIST, OWASP, and internal security standards .
• Partner with Engineering, DevOps, Architecture, Risk, and Compliance teams to embed security early in development.
• Present risk assessments, dashboards, and executive summaries to senior management and clients.

Team & Practice Development

• Mentor and manage application security and risk assessment teams.
• Develop reusable risk frameworks, assessment templates, and security playbooks.
• Support pre-sales, proposals, and client advisory engagements related to application security.

Required Skills & Experience

Technical & Functional Expertise

• 6+ years of experience in Application Security, Information Security, or Cyber Risk roles.
• Strong hands-on knowledge of:
• Web, mobile, API, and cloud application security
• OWASP Top 10, API Top 10, and common attack vectors
• Secure coding practices and architectural risk analysis
• Proven experience in risk-based and dynamic risk assessment methodologies .
• Strong understanding of DevSecOps tools and CI/CD security integration.

Certifications (Any combination of major certifications preferred)

• CISSP
• CISM
• CISA
• CCSP
• OSCP / OSWE / GWAPT
• CEH (Practical preferred)
• CRISC
• Any equivalent advanced cybersecurity or application security certification

Soft Skills

• Strong analytical and risk articulation skills
• Ability to communicate complex security risks in business terms
• Proven experience managing senior stakeholders and client-facing engagements
• Leadership, mentoring, and decision-making capability

Education

• Bachelors degree in Engineering, Computer Science, Information Security, or equivalent
• Masters degree or security specialization is a plus