Cyber Attack Surface Management Manager

Sentara Health•Norfolk, VA

19h•Onsite

About The Position

The ASM Manager leads the Cyber Attack Surface Management function, responsible for assisting with strategy, execution, and continuous improvement of capabilities that reduce the organization’s cyber exposure. This role ensures alignment with enterprise risk priorities and coordinates across security, IT, and business units. Define and execute the ASM program strategy, roadmap, and priorities. Oversee all ASM functions: threat intelligence, third-party incident management, identity hygiene, vulnerability management, and legacy OS risk tracking. Establish governance, processes, and performance metrics. Act as primary stakeholder liaison across Security Operations, IT, Risk, and Vendor Management. Drive risk-based prioritization and decision-making. Present risk posture, trends, and recommendations to senior leadership. Ensure integration with CTOC and broader cyber security programs.

Requirements

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field—or equivalent industry training and certifications.
7 yrs relevant years’ experience without a degree
5+ years of experience with a degree
Experience leading or supporting Cyber Attack Surface Management (ASM), vulnerability management, threat intelligence, or cyber exposure management programs.
Strong hands-on experience coordinating vulnerability remediation efforts and driving risk reduction initiatives across cross-functional teams.
Experience building, operationalizing, and maturing cybersecurity processes, governance frameworks, and remediation workflows.
Experience partnering with Security Operations, Infrastructure, Cloud, IAM, Risk, Compliance, and Vendor Management teams in a complex enterprise environment.
Experience with cybersecurity platforms and tools such as Tenable, Qualys, CrowdStrike, ServiceNow, Microsoft Defender, Palo Alto, or similar technologies.

Nice To Haves

CISSP/ CISM/CRISC/ Vendor/platform certifications related to vulnerability management, cloud security, or threat intelligence are a plus

Responsibilities

Define and execute the ASM program strategy, roadmap, and priorities.
Oversee all ASM functions: threat intelligence, third-party incident management, identity hygiene, vulnerability management, and legacy OS risk tracking.
Establish governance, processes, and performance metrics.
Act as primary stakeholder liaison across Security Operations, IT, Risk, and Vendor Management.
Drive risk-based prioritization and decision-making.
Present risk posture, trends, and recommendations to senior leadership.
Ensure integration with CTOC and broader cyber security programs.
Coordinating vulnerability remediation efforts and driving risk reduction initiatives across cross-functional teams.
Building, operationalizing, and maturing cybersecurity processes, governance frameworks, and remediation workflows.
Partnering with Security Operations, Infrastructure, Cloud, IAM, Risk, Compliance, and Vendor Management teams in a complex enterprise environment.

Benefits

Medical, Dental, Vision plans
Adoption, Fertility and Surrogacy Reimbursement up to $10,000
Paid Time Off and Sick Leave
Paid Parental & Family Caregiver Leave
Emergency Backup Care
Long-Term, Short-Term Disability, and Critical Illness plans
Life Insurance
401k/403B with Employer Match
Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
Student Debt Pay Down – $10,000
Reimbursement for certifications and free access to complete CEUs and professional development
Pet Insurance
Legal Resources Plan
Annual discretionary bonus if established system and employee eligibility criteria is met.