Director, Vulnerability Management

HarbourVest Partners | Boston, MA
10d | Hybrid

About The Position

For over forty years, HarbourVest has been home to a committed team of professionals with an entrepreneurial spirit and a desire to deliver impactful solutions to our clients and investing partners. As our global firm grows, we continue to add individuals who seek a collaborative, open-door culture that values diversity and innovative thinking. In our collegial environment that’s marked by low turnover and high energy, you’ll be inspired to grow and thrive. Here, you will be encouraged to build on your strengths and acquire new skills and experiences.

We are committed to fostering an environment of inclusion that promotes mutual respect among all employees. Understanding and valuing these differences optimizes the potential of both the individual and the firm. HarbourVest is an equal opportunity employer.

This position will be a hybrid work arrangement, which translates to 4 days minimum per week in the office.

This individual will work in a cross-functional capacity, partnering with infrastructure, application, and business teams to identify, assess, and remediate vulnerabilities across the enterprise. They will be responsible for managing the vulnerability lifecycle, including scanning, prioritization, and remediation tracking, as well as developing and maintaining processes to ensure timely patching and risk reduction. In addition, this role will lead incident response efforts, coordinating detection, containment, eradication, and recovery activities—while continuously improving HarbourVest’s incident response playbooks and capabilities.

The ideal candidate is someone who:

  • Is passionate about results, goal driven, outspoken, accountable, and collaborative
  • Is able to drive business decisions using data and comfortable reporting on metrics
  • Is familiar with working at a company with a global presence spanning multiple time zones
  • Demonstrates a strong commitment to ethical practices and maintaining the highest standards of honesty and transparency
  • Is a self-starter with demonstrable ability to work independently, think on their feet and prioritize tasks and time effectively
  • Takes the initiative to identify and address potential issues before they become significant problems
  • Is an exceptional communicator, both written and verbal
  • Has expertise in the various common cyber security frameworks (ISO27001, NIST CSF & 800-53, etc.)

Requirements

  • Bachelor’s degree or higher in Computer Science, Information Security, Engineering, or related field.
  • 5+ years of experience in cybersecurity, with at least 3 years in a leadership or management capacity.
  • Proven experience building or leading a mature vulnerability management program at scale.
  • Deep understanding of vulnerability scanning technologies, CVSS scoring, and threat modeling.
  • Strong knowledge of cloud platforms (AWS, Azure), and container security.
  • Familiarity with compliance frameworks and standards.
  • Experience managing and mentoring technical teams and working cross-functionally with non-security teams.
  • Excellent communication and stakeholder engagement skills with the ability to convey complex risk topics to executive audiences.
  • Strong program management skills with a solid understanding of vulnerability management, governance, and stakeholder engagement.
  • Strong problem-solving skills, flexibility, and the ability to take initiative.

Nice To Haves

  • Relevant certifications (e.g., CISSP, CISM, OSCP, or similar) preferred.
  • Experience integrating vulnerability management with SIEM, ticketing, and asset management tools.
  • Strong understanding of risk management and cyber risk quantification.

Responsibilities

  • Develop, lead and be accountable end to end for the enterprise vulnerability management strategy, roadmap, and program.
  • Oversee vulnerability scanning, risk assessments, and prioritization processes across infrastructure, applications, containers, cloud environments, and critical third parties.
  • Own vulnerability management platforms, ensuring optimal configuration, tuning, and coverage.
  • Partner with Technology and business teams, and asset owners to drive remediation and track progress.
  • Provide threat-based prioritization of vulnerabilities using CVSS, threat intelligence, exploitability data, and business context.
  • Lead the response to high-profile vulnerabilities (e.g., zero-days, critical CVEs) with timely impact analysis and coordinated remediation actions.
  • Develop and present executive-level reporting on vulnerability trends, KRIs, KPIs, and risk posture.
  • Maintain compliance with relevant standards and frameworks (e.g., NIST CSF 2.0).
  • Own governance for exception handling and risk acceptance processes related to un-remediated vulnerabilities.
  • Lead, mentor, and grow a team of vulnerability analysts.
  • Develop awareness campaigns to promote the importance of vulnerability management and compliance across the organization.
  • Oversee and track enterprise-wide SLA compliance for vulnerability remediation, focusing on timely resolution across all asset classes.
  • Analyze SLA trends, identify non-compliance patterns, and work with asset owners to address gaps.
  • Escalate risks related to overdue vulnerabilities to leadership in accordance with established protocols.
  • Design, maintain, and optimize dashboards and reporting mechanisms to provide actionable insights for executives, asset owners, and security teams.
  • Stay informed on industry trends, tools, and best practices to recommend and implement program improvements.

Benefits

  • This role is eligible for a discretionary annual bonus, which is determined based on individual and overall firm performance.
  • In addition to salary and bonus, total compensation may include eligibility for long-term reward programs and a comprehensive total rewards package that may include retirement, health, insurance, paid time off, and wellness programs.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Director
  • Number of Employees: 1,001-5,000 employees
