Director Vulnerability Management

About The Position

Requirements

• Bachelor's degree in Information Security, Information Systems, Computer Science, or equivalent experience.
• 10+ years in Information Security with 5+ years leading Vulnerability Management for a multi-platform enterprise (hybrid cloud).
• Demonstrated results improving enterprise VM metrics and SLA performance.
• Depth with Qualys (VMDR, WAS/TotalAppSec), Veracode, Microsoft Defender for Endpoint; familiarity with network device scanning, container registries, and cloud workload coverage.
• Working knowledge of NIST CSF/ISO 27001; audit evidence management (e.g., GLBA); experience satisfying customer security requirements.

Nice To Haves

• Preferred Certifications: CISSP, CISM, CCSP, or comparable.

Responsibilities

• Define and continuously mature a risk-driven VM strategy, roadmap, and RACI.
• Establish policy-aligned remediation SLAs, exception criteria, escalation paths, and evidence requirements.
• Ensure customer/contract obligations related to scanning cadence and patch timelines are operationalized where applicable.
• Lead enterprise scanning and assessment coverage across on-prem, cloud, containers, and applications using core platforms (e.g., Qualys VMDR/TotalAppSec, Veracode, Microsoft Defender for Endpoint).
• Expand and maintain authenticated/agent-based coverage; manage discovery for shadow/EOL assets.
• Oversee web app/API scanning in partnership with AppSec; ensure rescans validate remediation.
• Lead enterprise hardening efforts across systems, software, networks, cloud applications, and cloud environments.
• Drive CMDB and ITSM integrations to automate ownership mapping, ticket creation, routing, and SLA tracking.
• Improve data quality (asset/owner criticality) to enable risk-based prioritization and reporting.
• Partner with Infra, Desktop, Cloud, and App Owners to remove blockers (e.g., maintenance windows, change control constraints, EOL/EOS platforms).
• Track and resolve exceptions with compensating controls; publish actionable playbooks/runbooks.
• Orchestrate assessment, prioritization, patch/mitigation guidance, rescans, stakeholder communications, and executive updates for critical vulnerabilities.
• Produce executive-ready dashboards (coverage, SLA attainment, risk burn-down, exception inventory, business impact).
• Maintain audit artifacts and evidence for internal/external assessments; support GLBA and customer reviews.

Benefits

• Medical, dental, and vision insurance
• Health Savings Account with employer contribution
• 401(k) Retirement plan with employer match
• Paid Maternity Leave/Parental Bonding Leave
• Pet insurance
• Adoption Assistance
• Tuition reimbursement
• Employee Loan Program
• The Newrez Employee Emergency and Disaster Fund
• 1 Volunteer Time Off (VTO) day
• Employee Matching Gifts Program
• Newrez Grants Program