
Manager - Vulnerability Mgmt Svcs | Information & Network Security Services | Full Time

Henry Ford Health System
United States, Michigan, Detroit
Jun 18, 2025

GENERAL SUMMARY:

The Vulnerability Management Services (VMS) Manager oversees the personnel and security programs associated with the VMS team. The VMS security programs include application security, threat intelligence, security awareness, policy compliance, and vulnerability management.

The VMS Manager reports to the Deputy Information and Privacy Security Officer. The VMS Manager works in a collaborative effort with cross-functional groups to ensure processes, services, and technologies are implemented and operationalized to meet both the needs of the business and regulatory requirements. Works closely with multiple teams across the organization, including Legal, Risk Compliance, IT, and others, to improve and mature vulnerability management controls.

Provides functional leadership and supervision to direct reporting staff (including staff scheduling, performance, and development management). Manages the reporting employee lifecycle by maintaining a diverse, efficient, and effective workforce. Regularly meets with direct reports for feedback, mentoring, support, and career development, including performance expectations, to ensure continuous value. Maintains a culture of customer service, disciplined business conduct, and healthy communication.

PRINCIPAL DUTIES AND RESPONSIBILITIES:



  • Continually assess and deliver a VMS Roadmap that both matures and operationalizes security by delivering in the following key VMS Programs:

    • Integrated Information Resilience Services (IIRS)
    • Security Awareness
    • Policy Compliance (Secure Configuration)
    • Threat Intelligence
    • Vulnerability Management
    • Application Security

  • Responsible for strategy and execution of vulnerability assessments and security baseline configuration compliance scans across workstation, network, and PCI environments.


  • Possess technical skills and extensive working experience with vulnerability management tools, static and dynamic testing, and threat intelligence.
  • Possess excellent communication skills and the ability to articulate vulnerabilities, threats, and risks to non-technical stakeholders.
  • Ensure VMS related program roadmaps consider business initiatives, regulatory requirements, audit/gap assessment findings, and business risk appetite.
  • Be a champion for vulnerability management and information security including broadening awareness and use of the team's services, education of security best practices and integration with other business areas.
  • Drive actionable metrics and reporting for operations and leadership transparency.
  • Provide prompt attention and visibility into risks, vulnerabilities, and issues serving as an escalation path for team member effectiveness.
  • Serve as subject matter expert related to vulnerability management, policy compliance, and related programs.
  • Develop enterprise policy and technical standards with specific regard to VMS programs.
  • Be able to successfully partner with other security and IT teams to assess potential impact from vulnerabilities with the intent to determine and implement mitigating controls.
  • Identify and recommend appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the business.
  • Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner and within cloud solutions.
  • Fully understand business requirements and define appropriate security solution objectives while meeting the business need.
  • Provide mentorship, coaching, performance management, and support to team members about vulnerability assessment, communication/rapport with other divisions and various levels of leadership, technical expertise, and career development.
  • Establish and maintain vulnerability management SLAs.


EDUCATION AND EXPERIENCE:



  • Master's degree in technology, business administration, information systems, computer science, or related field required.
  • Minimum 8 years of experience leading vulnerability management teams or related IT Security teams - health care industry preferred.
  • Including relevant experience in the following key areas:

    • Vulnerability scanning
    • Managing others
    • Baseline configuration scanning
    • Qualys or other commercial vulnerability scanner tool
    • Threat intelligence, application security, and security awareness programs


  • Familiar with the following:

    • Federal and state healthcare information regulations and requirements (e.g. HIPAA)
    • Information security best practices, NIST Cybersecurity Framework and common risk frameworks.


  • A service-focused team player who can lead and mentor team members.
  • Excellent customer service and interpersonal skills demonstrated both over the phone and face-to-face to communicate technical information in non-technical terms.
  • Consensus building and collaborative interpersonal skills.
  • Good presentation skills.
  • Ability to work under pressure, establish priorities and respond with urgency.
  • Self-motivated with excellent verbal and written skills.


CERTIFICATIONS/LICENSURES REQUIRED:



  • CISSP, CISM, or CISA is required.

Additional Information


  • Organization: Corporate Services
  • Department: Info & Network Security Srvcs
  • Shift: Day Job
  • Union Code: Not Applicable
