Associate Director, Global Vulnerability Management

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field—or equivalent professional experience
• 7+ years of cybersecurity experience, including 5+ years leading enterprise vulnerability management programs
• Deep expertise deploying and operating vulnerability management platforms at scale (e.g., Tenable, Qualys, Rapid7, Wiz, Snyk)
• Strong knowledge of cloud security and cloud-native vulnerability management across AWS, Azure, and GCP
• Proven ability to build and mature vulnerability management programs, establishing processes, workflows, and operational cadence
• Demonstrated success partnering with IT Operations, Infrastructure, and Engineering teams to drive remediation outcomes
• Excellent communication skills with the ability to translate technical vulnerability data into business risk for executive and technical audiences
• Strategic, Risk-Based Leadership: Ability to design and scale a vulnerability management program while balancing risk, business needs, and operational constraints
• Executive Communication & Influence: Communicates clearly and credibly with audiences ranging from engineers to the CISO and board
• Technical Security Depth: Strong understanding of vulnerabilities, remediation techniques, and security across infrastructure, cloud, applications, containers, and OT
• Operational Excellence & People Leadership: Builds sustainable global operations through clear ownership, accountability, and continuous improvement
• Collaboration & Service Mindset: Trusted partner who enables teams to succeed through pragmatic, service-oriented security practices
• On-site presence required at IDEXX headquarters in Westbrook, Maine, at a minimum of 8 days per month, preferably more.

Nice To Haves

• Security certifications (e.g., CISSP, CISM, GIAC, CEH)
• Experience in regulated or operationally complex environments (e.g., healthcare, biotech, medical devices, manufacturing, laboratories)
• Hands-on experience with DevSecOps, container security, IaC scanning, and CI/CD automation
• OT/IoT vulnerability management experience in manufacturing or laboratory environments
• Background in patching, configuration management, or IT operations
• Scripting or automation skills (e.g., Python, PowerShell, Bash)
• Experience with vulnerability scoring, prioritization, and metrics (e.g., CVSS, EPSS, dashboards)

Responsibilities

• Strategic Leadership & Program Ownership Define and execute IDEXX’s global vulnerability management strategy, roadmap, and operating model aligned with NIST CSF, ISO 27001, and CIS Controls
• Advise the CISO on vulnerability posture, enterprise risk trends, and risk-reduction strategy
• Establish vulnerability lifecycle workflows from discovery through remediation validation, including escalation paths, exceptions, and governance
• Develop vulnerability management policies, standards, and remediation SLAs
• Define and track KPIs, KRIs, and program success metrics to measure effectiveness, velocity, and maturity
• People Leadership & Program Enablement Lead, mentor, and grow a global team of vulnerability management professionals, security engineers, and analysts
• Build sustainable organizational capabilities and a culture of continuous improvement and operational excellence
• Manage staffing, performance, career development, and vendor/partner relationships to support program scale and effectiveness
• Enterprise Vulnerability Management Operations Lead enterprise-wide vulnerability identification, assessment, prioritization, and remediation across infrastructure, applications, cloud (AWS, Azure, GCP), endpoints, containers, OT/IoT, manufacturing, and laboratory environments
• Establish risk-based prioritization models incorporating exploitability, threat intelligence, asset criticality, and environmental context
• Define scanning strategies and integrate vulnerability data from multiple sources including scanners, CSPM, penetration testing, and threat intelligence
• Integrate vulnerability management with patching, configuration management, and secure SDLC processes
• Technology & Automation Own and mature vulnerability management platforms (e.g., Tenable, Qualys, Rapid7, Wiz, Snyk) to ensure accuracy, coverage, and scalability
• Drive automation, cloud-native capabilities, CI/CD integration, and shift-left practices to improve remediation efficiency and developer enablement
• Integrate vulnerability data into orchestration platforms, ticketing systems, and security dashboards
• Cross-Functional Partnership & Risk Reduction Partner with IT Operations, Cloud Infrastructure, Engineering, DevSecOps, and business technology leaders to embed remediation into enterprise workflows
• Assess and improve remediation capacity through training, tooling enhancements, and automation
• Incorporate threat intelligence and ensure alignment with governance, regulatory, and compliance requirements
• Develop remediation playbooks, technical documentation, and provide hands-on guidance for complex remediation efforts
• Metrics, Reporting & Executive Communication Develop and deliver operational, technical, and executive-level vulnerability reporting and dashboards
• Communicate vulnerability posture, trends, and recommendations to the CISO, security leadership, and governance forums
• Analyze vulnerability data to identify systemic issues, recurring patterns, and opportunities for proactive risk reduction

Benefits

• Opportunity for annual cash bonus as well as yearly equity award
• Health / Dental / Vision Benefits Day-One
• 5% matching 401k
• Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more!