The Senior Technical Manager, Vulnerability Management (VM) will lead a team of skilled professionals in identifying and assessing application and infrastructure vulnerabilities within the company's ecosystem and tracking their timely remediation.
Responsibilities:
Managing the VM Team across continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Network and Voice), Penetration Testing and Scanning for Application & Infrastructure Security, and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members.
Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met.
Provide oversight on the handling of identified vulnerabilities, ensuring appropriate priority is given so that they are effectively remediated within the agreed timelines.
Ensure relevant and adequate coverage of vulnerability intelligence, to provide a relevant assessment of the vulnerabilities in the Club's context and the external threat landscape.
Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively.
Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service.
Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders.
Act as the lead when actively exploited or critical-severity vulnerabilities are identified; lead the development of the vulnerability response plan and oversee its implementation.
Requirements:
Degree in Computer Science, Information Security, and/or related discipline.
12 years or more of working experience in the related field, with at least 5 years in the Vulnerability Management domain across various disciplines, including leading and managing teams.
Strong experience covering Vulnerability Management services and required operating procedures.
High degree of logical and analytical thinking skills, particularly on the different categories of vulnerabilities and how they work.
Strong service and customer focused approach to the service being delivered.
Excellent interpersonal, collaborative and communication skills.
Well-disciplined with exemplary professional competence and integrity.
Experience with the following services and technologies: Vulnerability Assessment, DevSecOps, Pen-Testing, Secure Code Review, Attack Surface Management, Red Team.
Industry-recognised certification in one or more of the following: CISSP, CISM, etc.