This is a senior leadership position for a Vulnerability Management Lead. It's not just a technical role; it's a strategic one that combines people leadership, vendor management, process orchestration, and executive communication. The core mandate is to build and run a world-class vulnerability management program that protects the firm's entire enterprise digital estate (infrastructure, apps, cloud, network) from known threats.
Key Responsibilities:
- Team Leadership & Development: Lead the VM team through hiring, mentoring, and objective setting. Foster a culture of excellence and continuous learning in vulnerability scanning, penetration testing, and DevSecOps integration.
- Strategic Vendor Management: Manage relationships with external service providers and vendors, establishing strong service level agreements (SLAs) and ensuring performance targets are consistently met.
- End-to-End Vulnerability Governance: Provide expert oversight for the vulnerability lifecycle—from identification and risk assessment to remediation—ensuring timely and effective closure of issues based on threat intelligence and business context.
- Program Assurance & Innovation: Guarantee comprehensive coverage and effectiveness of all VM services. Continuously identify control gaps and lead initiatives to enhance our capabilities, tools, and processes.
- Stakeholder Engagement & Reporting: Translate technical findings into business risk. Develop and present key metrics, reports, and strategic insights to IT and business leadership to drive informed decision-making.
- Crisis Leadership: Act as the primary lead during security crises involving critical vulnerabilities, orchestrating the response plan and coordinating efforts across teams to mitigate risk.
About You:
- A degree in Computer Science, Information Security, or a related field.
- 12+ years of experience in information security, with at least 5 years focused specifically on building and leading Vulnerability Management programs and teams.
- Proven expertise in managing the full scope of VM services, including infrastructure & application scanning, penetration testing, DevSecOps, and threat intelligence integration.
- A deep, analytical understanding of vulnerabilities, exploit mechanisms, and their practical business impact.
- A strong service-oriented and business-focused mindset, with a passion for enabling the organization securely.
- Exceptional communication, collaboration, and interpersonal skills, with the ability to influence stakeholders at all levels.
- Unwavering discipline, professionalism, and integrity.
- Preferred Experience: Hands-on knowledge with Vulnerability Assessment, DevSecOps, Pen-Testing, Cloud Security, and Attack Surface Management.
- Preferred Certifications: Industry credentials such as CISSP, CISM, or similar are highly desirable.