Date Posted: February 6, 2019
Senior Vulnerability Program Manager, $140-160K+bonus
This position will manage the Vulnerability Management program and provide leadership to the security professionals in the division. This role will keep executives advised of current vulnerabilities, track and advocate for vulnerability remediation, and lead the company through critical efforts.
- Act as adviser to the risk management group to integrate cyber security risk into global enterprise risk management.
- Provide vision, strategy, project management and innovation for the vulnerability management functions, expanding the capabilities of the company year over year
- Develop a five-year strategic road map with vulnerability management maturity milestones based on enterprise risk reduction
- Create a human resource plan to support the maturity road map cycle with the respective job descriptions.
- Supervise the scanning functions, code review and firewall reviews to identify network, infrastructure and configuration vulnerabilities
- Engage with the IT and business leadership to continuously enhance and communicate the importance of vulnerability remediation from a technical perspective
- Determine a method or system for consistent tracking and review of open vulnerabilities
- Responsible for architecting, building, deploying and maintaining the vulnerability management infrastructure within the organization
- Promotes expansion of vulnerability management scope into new environments and businesses' long-term strategy
- Develops risk-based remediation plans for vulnerabilities, setting priorities for responsible teams
- Provides consultative services to business leaders on risk-related vulnerabilities
- Develops and coordinates containment plans for newly identified vulnerabilities that may create a risk for the organization.
- 7 years of cyber security experience specifically working in the information security field
- 2 years of experience with vulnerability management and remediation
- Experience in building or developing a vulnerability management program
- Understanding of complex process flows and decision matrices
- Effective Program Management, people management and leadership skills
- Expertise in relationship building with partners; ability to lead by example and influence change
- Experience with vulnerability scanning tools, such as Qualys, Nessus, Rapid7, etc.
- Exemplary interpersonal communications (both written and verbal) skills
- CISSP, CISM and/or relevant SANS certifications
- Demonstrated knowledge of security industry standards and leading practices (e.g. PCI, OWASP, NIST, CIS, CVSS, CVSSv3)
- Experience with enterprise network architecture
- Subject-matter expert (SME) in enterprise and open-source vulnerability identification solutions
- Demonstrated ability to work autonomously and manage a wide variety of work streams
- Expert knowledge of OWASP and SANS testing methodologies
- CEH or similar certifications