Position Overview: We are seeking a highly skilled and experienced Vulnerability Management Lead to drive our global technology organization's vulnerability management program. This role will serve as the subject matter expert (SME) in vulnerability management across a diverse range of legacy and modern systems, both in data centers and the cloud.
Essential Duties & Responsibilities:
- Lead the organization's Vulnerability Management program, acting as a SME throughout a global technology environment.
- Develop enterprise policies and technical standards for vulnerability management and secure configuration.
- Own the end-to-end vulnerability remediation process, including vulnerabilities identified through various channels such as scans, penetration testing, application scanning, and responsible disclosure programs.
- Collaborate effectively with Security and IT professionals to assess the impact of vulnerabilities and recommend mitigating security controls tailored to the specific environment.
- Identify and recommend measures to manage and remediate vulnerabilities, reducing potential impacts on information resources to a level acceptable to senior management.
- Build strong partnerships with technical teams to promote best practices for agile and cloud-based vulnerability management.
- Understand business requirements and work to define solutions that meet security objectives while aligning with business needs.
- Champion vulnerability management and information security by promoting the use of team services, educating on security best practices, and integrating with other business areas.
- Provide guidance, technical expertise, and support to team members on vulnerability assessments.
- Develop and refine key performance indicators (KPIs) and metrics for vulnerability management functions.
- Lead and participate in new projects as needed.
- Perform additional duties as assigned.
Skills, Knowledge, & Abilities:
- Proven experience leading vulnerability management teams with expertise in security concepts and strategies.
- Hands-on experience with vulnerability management tools and strong technical understanding of assessing vulnerabilities and identifying weaknesses across multiple operating systems, databases, and application servers.
- Strong written and verbal communication skills, with the ability to effectively collaborate across all levels of the organization.
- Demonstrated leadership skills, both in direct team management and cross-functional collaboration.
- Minimum of 6 years of experience in a vulnerability management program, including prioritizing and driving remediation activities.
- Excellent interpersonal skills, with the ability to work effectively with peers, IT leadership, and subordinates.
- Ability to clearly communicate complex technical and business concepts to various stakeholders, including business partners, team members, and IT management.
- Experience interacting with auditors and regulators.
- Proven ability to work effectively across public cloud and on-premises hybrid infrastructures.
- Experience working with vulnerability scanning technologies at scale.
- Self-starter with strong decision-making skills and judgment to know when to seek guidance.
- Fundamental understanding of risk vs. severity.
- Comfort in a diverse technology environment spanning multiple operating systems and architectures.
- Ability to foster collaborative, open working relationships with technology and other stakeholders.
- Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
Education & Experience:
- Bachelor’s degree in Computer Science, Information Technology, or a related discipline, or equivalent work experience.
- Typically, a minimum of 10 years of related work experience in Information Technology.