About Us
SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for a seamless payment experience and letting them indulge in rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.
SBI Card is proud to be an equal opportunity & inclusive employer and welcomes employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect, which makes it a promising place to work.
Join us to shape the future of digital payment in India and unlock your full potential.
What’s in it for YOU
- SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
- Admirable work deserves to be rewarded! We have a well curated bouquet of rewards and recognition program for the employees
- Dynamic, Inclusive and Diverse team culture
- Gender Neutral Policy
- Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
- Commitment to overall development of an employee through comprehensive learning & development framework
Role Purpose
Strengthen API security by governing and enhancing security controls for safe consumer access. Ensure robust secrets and API key protection through centralized management using Fortanix. Improve software supply‑chain transparency and compliance through effective SBOM management. Reduce application risk by driving proactive vulnerability detection and remediation with Fortify. Embed DevSecOps practices to integrate security into development workflows and accelerate secure delivery.
Role Accountability
- Security Governance:
  - Owner of implementing and maintaining robust security controls on API platform to protect APIs, ensuring secure access, compliance, and risk reduction.
- Guardrails for APIs used in AI solution:
  - Owner for defining, designing & implementing robust guard rails for API to be used in AI use case implementation to ensure protection of Data, ensuring secure access, compliance, and risk reduction.
- Fortanix Secrets & API Key Management:
  - Accountable for enforcing centralized governance of API keys, secrets, and tokens through Fortanix, including lifecycle management, rotation, and audit readiness.
- SBOM Oversight & Compliance:
  - Accountable for establishing and governing SBOM processes to ensure full visibility of software components and supply‑chain risks.
  - Accountable for end‑to‑end SBOM platform management, including configuration, integration with CI/CD pipelines, tool maintenance, and ensuring consistent adoption across engineering teams.
- Fortify Vulnerability Management:
  - Accountable for driving proactive vulnerability detection, triage, and remediation using Fortify tool.
  - Accountable for managing the Fortify platform, including onboarding applications, maintaining integrations, optimizing scanning workflows, and ensuring platform reliability and performance.
- DevSecOps Integration & Enablement:
  - Lead embedding of security into CI/CD pipelines across the enterprise, automating controls, and enabling development teams to adopt secure‑by‑design practices across the SDLC.
- SOA governance: The person will be responsible for SOA governance and hence the lifecycle of web services. He will be responsible for creating, maintaining and publishing the service catalogue of all services. He will ensure that business rules are consolidated in one place and not duplicated, and that services created are reusable and non-redundant.
Measures of Success
- Measurable reductions in API‑related risks and zero critical security incidents for API platform
- Adoption of API security technologies such as Fortanix KMS, Fortify SBOMs etc
- Security controls, automation, and guardrails are integrated into development workflows, resulting in faster, more secure releases and improved developer adoption of secure‑by‑design practices.
- Demonstrated leadership in team collaboration, problem-solving, and adaptability to industry trends.
Technical Skills / Experience / Certifications
- Expertise in API Security Standards, Service Oriented Architecture, Web Service repository, SOA-based services, SOAP, REST, WSDL.
- Hands-on experience in Oracle Fusion 11g SOA stack and Google Apigee stack
Competencies critical to the role
- Expertise in Functional and Technical understanding of Digital Applications and APIs
- Good Project Management skills
- Good Communication Skills
- Good Team management skills
- Strong analytical skills - strong problem solving skills, communicates in a clear and succinct manner and effectively evaluates information / data to make decisions; anticipates obstacles and develops plans to resolve
- Demonstrated customer focus - evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint
- Stakeholder management - You need to effectively manage business and IT stakeholders through regular reviews and effective communication. You need to be a strong team member who can collaborate and lead large to midsized deliveries
- Strong team player - The role entails working with multiple teams, hence the candidate would need to display inclusiveness to lead as well as take the team along through the life of the Program. Collaborates well with others to solve problems and actively incorporates input from various sources
- Researcher / Quick Learner - The person needs to be up to speed with the current trends in industry for digital IT solutions. Should be able to learn quickly and adapt as required.
Qualification
- B.E, B.Tech
- MBA (Systems), MCA is preferable
Preferred Industry
Banking and Financial Services