Job Purpose
The Manager, Vulnerability Management is responsible for leading the enterprise-wide vulnerability identification, assessment, prioritization, and remediation governance processes. The role ensures that vulnerabilities across cloud, network, application, endpoint, and infrastructure environments are systematically discovered, risk‑ranked, and addressed in alignment with cybersecurity policies and business risk tolerance.
Key Accountabilities
- Lead the end‑to‑end vulnerability management lifecycle, including discovery, assessment, reporting, and remediation governance.
- Develop and maintain the enterprise vulnerability management strategy, frameworks, and SOPs, ensuring alignment with organizational cybersecurity strategy and regulatory requirements.
- Establish risk‑based prioritization methodologies and SLAs for remediation based on asset criticality and threat intelligence.
- Oversee regular scanning and assessments across cloud, network, server, workstation, OT/IoT, and application environments.
- Evaluate scan results, validate findings, and ensure accuracy through tuning, false-positive management, and continuous improvement practices.
- Integrate multiple data sources (e.g., scanners, CMDB, threat intel) to maintain high-quality visibility of vulnerabilities.
- Partner with infrastructure, cloud, DevOps, and application teams to ensure timely remediation of vulnerabilities.
- Lead remediation governance forums and follow-up mechanisms to track remediation progress and exceptions.
- Escalate critical unaddressed risks to leadership and provide recommended mitigations or compensating controls.
- Correlate vulnerability data with threat intelligence to prioritize remediation efforts based on active exploits and emerging threats.
- Conduct impact assessments to determine business risk and required mitigation actions.
Qualifications
- Education: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
- Experience: Minimum of nine years’ work experience, with at least four years in a relevant function and three years in supervisory roles.