Vulnerability Program Manager (Remote)

About The Position

Requirements

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).
• 5+ years of experience in information security, with at least 2 years dedicated to vulnerability management.
• Proficiency with industry-standard vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7) and remediation tracking platforms.
• Must be able to configure, schedule, and interpret scan results, and oversee the lifecycle of vulnerability remediation.
• Demonstrated expertise in applying security frameworks and industry standards such as NIST Cybersecurity Framework, ISO/IEC 27001, CIS Controls, and PCI DSS.
• Experience implementing and maintaining controls in accordance with regulatory requirements and industry benchmarks.
• Familiarity with vulnerability management best practices, including risk prioritization, patch management processes, threat intelligence integration, and continuous improvement methodologies.
• Ability to design and refine processes for vulnerability identification, assessment, and mitigation across enterprise environments.
• Excellent communication, analytical, and project management skills.
• Proven ability to clearly articulate technical risk and remediation strategies to both technical and non-technical audiences, including executives and cross-functional teams.
• Experience collaborating with cross-functional teams (e.g., IT, DevOps, Application Development, Compliance, and Legal) to ensure coordinated vulnerability management efforts.
• Ability to lead meetings, drive consensus, and facilitate information sharing to maintain compliance with internal and external requirements.
• Demonstrated responsibility for monitoring, maintaining, and reporting on vulnerability management metrics and compliance status.
• Must proactively engage stakeholders to ensure ongoing adherence to organizational policies, standards, and regulatory obligations.

Nice To Haves

• Relevant certifications preferred, such as CISSP, CISM, OSCP, GIAC, or equivalent credentials that validate proficiency in security practices and vulnerability management.

Responsibilities

• Lead the design, implementation, and continuous improvement of the enterprise vulnerability management program.
• Oversee vulnerability scanning, assessment, and reporting processes for all critical assets.
• Collaborate with IT, DevOps, and application teams to prioritize and track remediation efforts.
• Develop and deliver metrics, dashboards, and executive reports on vulnerability status and risk trends.
• Ensure compliance with internal policies, industry standards, and regulatory requirements related to vulnerability management.
• Coordinate vulnerability disclosure and response activities, including communication with external vendors and stakeholders.
• Provide guidance, training, and awareness to technical teams on vulnerability management best practices.
• Performs other duties as assigned.
• Comply with all policies and standards.

Benefits

• If this position is full-time or part-time benefit eligible, you will receive a comprehensive benefits package which can be viewed here: https://businessolver.foleon.com/bsc/job-board-businessolver-virtual-benefits-guide/
• This role is eligible to participate in the annual bonus incentive plan.