Head Security & Compliance

NovelVox is 17+ year young technical savvy company with proven record of delivering world class software products in over 20 countries. NovelVox has been providing Contact Center Optimization Software Solutions to prominent names in the banking and finance, telecom, IT and government sectors since 2008.

Quick Facts

• Cisco preferred solution partner, Genesys AppFoundry Premium Member, and Avaya Devconnect Partner
• Great Place to Work certified
• Awarded as 10 Most Recommended Contact Center Solution Providers by CIO insiders
• 5 Global offices in the US, UK, India, Saudi Arabia, and UAE
• 140+ team of strong software development professionals
• 300+ Active deployments for customers in 20+ countries, including LinkedIn, P&G, American Express, Best Buy, Reliance JIO, FedEx, Axis Bank, and more.
• Serving 5+ Fortune 500 Companies
• 98.7% customer retention ratio
• World's first and only Drag & Drop Designer studio for Contact Centers
• Industry verticalized solutions for Banking, Credit Unions (US only), Insurance, Healthcare, Government, Retail, Telco, etc.
• Largest library of 75+ ready Contact Center Integrations, including core systems
• One stop solution for integration, digital channel engagement, reporting & monitoring, chatbots, etc. to optimize contact center performance end to end.
• Have a look at the following link to know more about our products https://www.youtube.com/resultssearch_query=novelvox

Why we

• Nurturing Work Environment
• Work-Life Balance
• Focus on capability Building
• Opportunity to Learn and Grow
• High Performance & Rewarding Culture
• Amazing Talent Engagement Opportunities
• Engagement at the core
• Industry benchmarked Salary

We are looking for a hands-on security leader who owns practical security execution, not paperwork. This role exists to ensure that product releases, delivery practices, and customer interactions consistently meet security expectationsespecially in regulated industries like healthcare and banking.

This is not a CISO role. This is an execution-first security leadership role with authority, accountability, and direct access to executive leadership.

Core Objective

Prevent avoidable security incidents caused by:

• Tool misuse (e.g., Postman, file sharing)
• Poor release hygiene
• Delivery shortcuts under customer pressure

And when something does happen:

• Act as the single authoritative face to customers
• Drive root cause analysis
• Implement permanent preventive controls

Key Responsibilities

1. Security Governance (Practical, Not Bureaucratic)

• Define non-negotiable security standards for:
• API testing tools
• File sharing
• Source code handling
• Release artifacts
• Convert policies into enforceable controls, not guidelines
• Maintain a clear allowed / disallowed tools list

2. Product & Release Security

• Own the security gate for all product releases:
• Mandatory VAPT / SAST / DAST artifacts
• Verification that no test code, debug flags, or credentials are included
• Work with product engineering to:
• Define release checklists
• Automate scans where possible
• Periodically review legacy components for risk exposure

3. Delivery Security & Field Discipline

• Define secure delivery playbooks for:
• Customer testing
• Data exchange
• Temporary access
• Eliminate ad-hoc practices (e.g., Dropbox, personal tools)
• Train delivery teams on what is never allowed, regardless of customer pressure

4. Incident Response & Customer Trust

• Act as the single point of leadership during:
• Security findings
• Ethical hacking disclosures
• Customer audits or security reviews
• Lead:
• Root cause analysis
• Corrective and preventive actions (CAPA)
• Prepare executive-ready and customer-ready incident reports

5. Compliance & External Readiness

• Support security requirements for:
• Healthcare (HIPAA)
• Banking / Financial institutions
• Coordinate:
• External security consultants
• Penetration testing vendors
• Maintain audit-ready documentation without slowing delivery

6. Internal Enablement (Not Just Training)

• Design short, practical security training for:
• Delivery teams
• Product teams
• Focus on real scenarios, not theoretical security
• Continuously reinforce expectations through process and tooling

Required Experience

Must-Have

• 815 years in application security, product security, or delivery security
• Hands-on experience with:
• API security
• Web applications
• SaaS platforms
• Prior experience supporting:
• Enterprise customers
• Regulated industries (healthcare, banking, financial services)
• Proven ability to push back on customers without damaging relationships

Strongly Preferred

• Background as:
• Senior architect
• Principal engineer
• Security consultant
• Experience working in:
• Product companies (not just IT services)
• Exposure to:
• SOC2, HIPAA, ISO 27001 (certification not mandatory)

Skills & Competencies

Technical

• API security & OAuth concepts
• Secure SDLC
• Vulnerability scanning (VAPT, SAST, DAST)
• Secure file transfer mechanisms
• Cloud security fundamentals (AWS preferred)

Leadership & Judgment (This Matters More)

• Strong decision-making under pressure
• Willingness to say No, this is not allowed
• Calm, authoritative communication with customers
• Zero tolerance for shortcuts disguised as urgency

Best Fit Profile

This role is NOT for:

• Policy-only security people
• Audit-only professionals
• Compliance checkbox specialists

This role IS ideal for someone who:

• Has seen security failures caused by human shortcuts
• Understands how delivery teams actually behave
• Can balance speed with discipline
• Is comfortable being unpopular when needed

Reporting & Authority

• Reports directly to the CEO
• Has authority to:
• Block releases on security grounds
• Enforce delivery security standards
• Escalate non-compliance immediately

Success Metrics (First 12 Months)

• Zero repeat incidents from the same root cause
• Clear reduction in customer-flagged security findings
• Consistent, audit-ready release process
• Increased customer confidence during security reviews