Director, Threat and Vulnerability Management

About The Position

Requirements

• 10+ years of progressive experience in cybersecurity, including threat intelligence, threat hunting, vulnerability management, or detection engineering
• Proven experience leading enterprise-scale security programs and teams
• Deep understanding of threat actor behaviors, MITRE ATT&CK, vulnerability exploitation, and modern attack techniques
• Strong experience with risk-based security frameworks and metrics
• Familiarity with AI/ML applications in security operations
• Experience with scripting in languages such as Python
• Ability to influence senior leadership and drive cross-functional execution
• Deep knowledge of cyber threat actors and their tactics, techniques and procedures
• Knowledge of scripting to enhance hunting capabilities
• Knowledge of AI capabilities and how to use them to build efficiencies and automation
• Strong knowledge of vulnerability management identification, analysis and treatment capabilities
• Thorough understanding and familiarity with relevant standards including National Institute of Standards and Technology (NIST) and Federal Financial Institutions Examination Council (FFIEC)
• A technical background in systems or network administration, engineering, or operations
• Communicates effectively
• Anticipates changing business needs, adjusts priorities accordingly, and allocates necessary resources and budget to achieve objectives
• Equips the business to become an effective competitor in an highly dynamic landscape
• Considers stakeholder needs and input as well as best practices and insights from industry trends when making strategic decisions
• Is flexible, decisive, and serves as a trusted advisor to senior leaders within the organization
• Demonstrates effective negotiation and influencing skills
• Prioritizes and facilitates an culture of continuous improvement and systems thinking
• Sets the tone for successful collaboration with other business units and corporate entities
• Creates an environment that fosters communication, transparency, and collaboration
• Cultivates innovation and values learning as a lifelong professional objective
• Leads by example, engaging inclusively and with intent
• Always acts with integrity
• Analytical thinking
• Iterative problem-solving

Nice To Haves

• Industry certifications (e.g., CISSP, CISM, GIAC, or equivalent)

Responsibilities

• Lead and continuously evolve the enterprise Threat Intelligence, Threat Hunting, and Vulnerability Management programs.
• Define and execute a multi-year Threat & Vulnerability Management strategy aligned to organizational risk appetite and business priorities.
• Establish measurable security KPIs and maturity metrics; regularly present program effectiveness and risk posture to senior management.
• Build and mature a Cyber Threat Intelligence (CTI) program that aggregates strategic, operational, and tactical intelligence from internal and external sources.
• Lead proactive threat hunting initiatives across enterprise and compute environments to identify dormant threats, advanced adversaries, and supply chain compromises.
• Map threat actor TTPs (Tactics, Techniques, and Procedures) to the MITRE ATT&CK framework to identify gaps in detection and prevention coverage.
• Establish and drive a risk-based vulnerability management model that prioritizes remediation based on exploitability, asset criticality, and business impact.
• Ensure timely remediation, validation, and reporting of identified vulnerabilities and security gaps across infrastructure, applications, and cloud environments.
• Partner with technology and business teams to embed vulnerability remediation into operational and engineering workflows.
• Evaluate and implement AI-driven and automation technologies to improve efficiency, scale, and effectiveness of threat and vulnerability operations.
• Continuously assess current security processes and tools to identify opportunities for optimization and enhanced risk reduction.
• Serve as a trusted advisor to engineering, architecture, risk, and incident response teams on threat and vulnerability matters.
• Communicate complex security topics clearly to both technical and non-technical stakeholders, including executives and regulators.
• Build strong relationships with internal partners and relevant external security communities and vendors.
• Lead, mentor, and develop a high-performing team of security professionals; foster a security-aware and accountability-driven culture.
• Manage relationship with external vendors to support the TVM Team.
• Serve as a lead escalation contact in a 24/7 environment; and guide appropriate resources to resolution.
• Maintain knowledge of industry trends and threats.

Benefits

• Comprehensive health and wellness benefits
• Retirement plans
• Educational assistance and training programs
• Income replacement for qualified employees with disabilities
• Paid maternity and parental bonding leave
• Paid vacation, sick days, and holidays