Director of Vulnerability Management and InfoSec Technology

About The Position

Requirements

• High School Diploma General
• Bachelors Computer Science or Bachelors Other
• Minimum 3 years Managing Information Security teams
• Minimum 6 years Vulnerability Management Operations Required
• Excellent written and oral communication skills.
• In-depth knowledge of information security concepts and methodologies
• Strong analytical and problem-solving skills
• Must have the ability to influence others to work collaboratively to achieve results.
• Advanced organizational, planning and time management skills
• In-depth knowledge of risk management methodologies and approach

Responsibilities

• Develop and execute a comprehensive vulnerability management strategy aligned with organizational cybersecurity objectives and risk tolerance.
• Create policies, procedures, and standards related to Information Security
• Oversee day-to-day operations of Vulnerability Management capabilities, managing escalations, collaborating with tools and vulnerability management remediation teams.
• Prioritize vulnerability and penetration test remediation based on severity ratings and business criticality.
• Proactively identify and communicate areas of concentrated risk and provide actionable security guidance to teams throughout the organization.
• Update and refine platform-defined vulnerability impact ratings to ensure accurate prioritization of risks.
• Support continuous improvement activities by assessing mitigation and detection capabilities, establishing repeatable testing processes, and monitoring remediation progress.
• Conduct focused technical analyses, including Network Mapping, Asset Discovery, and Vulnerability Scanning, and in support of the program, managing patch releases and control uplift projects encompassing architecture and engineering tasks.
• Conduct platform, data, performance, and software engineering assessments following the Common Vulnerability Scoring System (CVSS) and MITRE ATT&CK frameworks.
• Integrate the vulnerability management program with the larger security operations organization including incident response, threat intelligence, and penetration testing initiatives to gain a holistic view of actively exploited threats and internal vulnerabilities.
• Work collectively to inform and drive security uplift strategy.
• Review and develop technical strategy for supporting technology for Information Security to include Vulnerability Management reporting, Cloud Posture Security Management, Metrics and Reporting platforms, Application Security platforms, and others as the need or risk is identified
• This would include communicating with technology owners to understand importance or remediation and arbitration of time lines
• Develop and communicate metrics for Information Security to leadership and explanation of metrics
• Manage direct reports and supporting team members (more than 10 total)
• Performs other duties as assigned
• Complies with all Wellstar Health System policies, standards of work, and code of conduct.