Corporate Vice President

New York Life Insurance Co
New York, NY
Hybrid

About The Position

Lead the strategy, governance, operating model, and execution oversight for Enterprise Vulnerability Management across infrastructure, cloud, endpoints, and application-dependent services. This role creates a centralized function that turns scan findings into measurable risk reduction by aligning asset visibility, risk-based prioritization, patching discipline, remediation orchestration, and executive accountability. You will own accountability for vulnerability remediation performance across the enterprise. Success depends on strong partnership with platform, application, security, and risk teams, backed by senior leadership endorsement that gives the role authority to drive remediation actions, enforce SLA discipline, and escalate unmanaged risk.

Requirements

  • 12–15+ years of experience in Infrastructure/IT Operations, Security Engineering, or SRE, with 5+ years in senior leadership roles owning vulnerability management and/or patching at enterprise scale.
  • Deep understanding of enterprise infrastructure and platforms: Windows/Linux, databases, network devices, endpoints, cloud (AWS/Azure/GCP), and Kubernetes or containerized workloads.
  • Hands-on familiarity with vulnerability management tooling, such as Tenable, Qualys, Rapid7, cloud-native security services, and container/image scanning platforms.
  • Strong experience integrating vulnerability platforms with ITSM/CMDB, asset management, SIEM, and GRC tools.
  • Proven track record building and running risk-based remediation programs with clear SLAs, metrics, and reporting to senior leadership.
  • Solid knowledge of security frameworks and regulatory requirements, such as NIST CSF, CIS controls, SOX, NYDFS, PCI, or similar.
  • Strong understanding of change, patch, and configuration management in large IT Operations environments.
  • Demonstrated ability to influence senior stakeholders, negotiate priorities, and drive decisions across Technology, Security, and Business teams.
  • Excellent communication, storytelling, and presentation skills—able to convey complex technical risk in clear business terms.

Nice To Haves

  • Experience in financial services or other highly regulated industries.
  • Background with application security (SAST/DAST/SCA), CSPM, and container security; experience embedding security into CI/CD.
  • Relevant certifications: CISSP, CISM, CRISC, cloud security certs (e.g., CCSP), or ITIL/SRE credentials.

Responsibilities

  • Own the enterprise vulnerability remediation strategy and roadmap across on-prem, cloud, and SaaS environments.
  • Define and enforce standards, policies, and controls for scanning, triage, remediation SLAs, and exception handling.
  • Chair or co-chair governance forums covering vulnerability risk, remediation progress, and chronic issues with Infra, App, Security, and Risk leaders.
  • Design a centralized operating model that integrates scanning, triage, remediation execution, change coordination, and executive reporting.
  • Serve as executive product owner for vulnerability management platforms (network and host scanners, container and cloud posture tools, application security integrations).
  • Define platform roadmaps, integration priorities (CMDB, asset inventory, ITSM, SIEM, GRC), and data quality objectives.
  • Ensure platforms are reliable, scalable, and easy for engineering teams to consume (dashboards, APIs, reports).
  • Partner with CMDB, asset management, and cloud teams to maintain accurate, in-scope inventories tied to business services and criticality.
  • Implement risk-based prioritization that accounts for exploitability, business impact, exposure, compensating controls, and critical asset classes such as internet-facing and crown-jewel systems.
  • Standardize risk scoring and rapid treatment paths for KEVs, zero-days, high-risk misconfigurations, and systemic control failures.
  • Align vulnerability remediation with patching, configuration management, and change processes in IT Operations.
  • Define and track remediation SLAs for different classes of vulnerabilities and assets; drive accountability with platform and app owners.
  • Partner with AIOps/Automation teams to implement automated fixes and workflow orchestration where safe and appropriate.
  • Integrate vulnerability management with cloud security posture management (CSPM), container scanning, and application security pipelines (SAST/DAST/Software Composition Analysis).
  • Ensure DevOps/SRE teams receive actionable, contextualized findings early in the lifecycle.
  • Help define secure baselines, golden images, and hardened configurations that reduce recurring vulnerabilities.
  • Define and manage key performance indicators and risk metrics (e.g., mean time to remediate by severity, SLA adherence, exposure windows, vulnerability density on critical assets).
  • Produce regular reporting and dashboards for Technology leadership, the CISO organization, Risk, and regulators/internal audit as needed.
  • Translate technical risk into business impact and clear remediation priorities for senior stakeholders.
  • Support Security and Incident Response teams during high-severity events (zero-days, active exploits) with rapid asset scoping, prioritization, and remediation coordination.
  • Ensure lessons learned from incidents are codified into playbooks, standards, and automation.
  • Lead and develop a team of vulnerability management engineers, analysts, and program managers.
  • Foster a culture of “secure-by-default” and shared responsibility for vulnerability remediation across Infra, App, and Operations teams.
  • Provide coaching, training, and clear guidance to engineering teams on patching practices, exception handling, and secure configurations.
  • Set enterprise remediation expectations, standards, and SLA timelines.
  • Require remediation plans and target dates from infrastructure and application teams.
  • Escalate missed deadlines, unresolved blockers, and unmanaged risk through formal governance channels.
  • Challenge unsupported exception requests and ensure risk acceptance is documented, time-bound, and approved at the right level.
  • Coordinate end-to-end remediation activity spanning endpoints, servers, cloud, middleware, containers, and application-dependent services.

Benefits

  • Leave programs
  • Adoption assistance
  • Student loan repayment programs