Sr Mgr Enterprise Vulnerability Management

About The Position

Requirements

• A bachelor’s degree in computer science, Information Security, Cybersecurity, or related discipline required; a master’s degree is preferred.
• 10+ years of progressive experience in information security with significant exposure to vulnerability management and enterprise risk programs.
• Minimum 5+ years managing vulnerability programs
• 3–5+ years of direct people management experience, including building and leading technical teams (analysts, engineers, or program staff)
• Proven experience operating vulnerability management at scale for large, distributed environments (on-premises, cloud, hybrid) and coordinating across multiple global business units.
• Hands-on knowledge of vulnerability tools (Tenable, Qualys, Rapid7, ServiceNow VR, Wiz, etc.) and automation frameworks.
• Strong communicator with the ability to translate technical issues into business risks for executives.
• Strategic thinker with a proactive, automation-first mindset.
• Collaborative leader who can influence cross-organizational remediation and improve security outcomes.

Nice To Haves

• Certifications such as CISSP, CISM, CRISC, CISA, or GIAC vulnerability/assessment specialties (GPEN, GCIA, etc.)

Responsibilities

• Lead the enterprise vulnerability management function, including strategy, execution, continuous improvement, and performance measurement.
• Develop, align, and evangelize a risk-based vulnerability posture strategy that drives timely and effective remediation across infrastructure, cloud workloads, applications, and third-party services.
• Define key performance indicators (KPIs), metrics dashboards, and executive reporting mechanisms to communicate program effectiveness to senior leaders and board stakeholders.
• Oversee the end-to-end vulnerability management lifecycle: discovery, validation, prioritization, remediation tracking, and verification of closure.
• Establish and enforce standard operating procedures (SOPs), SLA’s, and governance models to ensure consistent execution across business units.
• Ensure continuous and automated scanning coverage leveraging industry-leading tools (e.g., CrowdStrike, Tenable, Qualys, Rapid7, Wiz, Tanium, or similar) and integrate with ticketing and IT service management workflows.
• Lead vulnerability identification across multi-cloud, hybrid infrastructure, container platforms, and enterprise applications.
• Coordinate vulnerability scanning schedules, threat intelligence integration, and risk scoring methodologies (e.g., CVSS, EPSS, internal risk models) to prioritize remediation based on exploitability and business context.
• Partner with SecOps, engineering, and platform teams to ensure vulnerabilities are resolved effectively, and appropriate compensating controls are in place when necessary.
• Act as a key security advisor to IT, development, risk, compliance, and business owners regarding vulnerability risk exposure and remediation planning.
• Facilitate vulnerability review boards, risk committees, and cross-team governance forums to drive accountability and risk reduction.
• Build, mentor, and lead a high-performing vulnerability management team, including analysts, engineers, and automation resources.
• Define career paths, set performance expectations, and promote a culture of security excellence.