The Senior Technical Manager, Vulnerability Management (VM) role will lead a team of skilled professionals in identifying and assessing application and infrastructure vulnerabilities within the company's ecosystem and tracking their timely remediation.
Responsibilities:
- Managing the VM Team in the aspects of continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Network and Voice), Penetration Testing and Scanning for Application & Infrastructure Security and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members.
- Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met.
- Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to remediate the vulnerabilities effectively within the agreed timelines.
- Ensure the relevant and adequate coverage of vulnerability intelligence, to provide relevant assessment of the vulnerabilities in the Club's context and the external threat landscape.
- Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively.
- Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service.
- Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders.
- Act as the lead when actively exploited or critical severity vulnerabilities are identified, leading the development of the vulnerability response plan and overseeing its implementation.
Requirements:
- Degree in Computer Science, Information Security, and/or related discipline.
- 12 years or more of working experience in the related field, with at least 5 years in the Vulnerability Management domain across various disciplines, including leading and managing teams.
- Strong experience covering Vulnerability Management services and required operating procedures.
- High degree of logical and analytical thinking skills, particularly on the different categories of vulnerabilities and how they work.
- Strong service and customer focused approach to the service being delivered.
- Excellent interpersonal, collaborative and communication skills.
- Well-disciplined with exemplary professional competence and integrity.
- Experience with the following services and technologies - Vulnerability Assessment, DevSecOps, Pen-Testing, Secure Code Review, Attack Surface Management, Red Team.
- Industry-recognised certification in one or more of the following - CISSP, CISM, etc.