Information Protection Senior Advisor - (Cloud Vulnerability Management)

About The Position

Requirements

• 5+ years of experience in information security, vulnerability management, cloud security, DevSecOps, or a related field
• Hands-on experience with cloud vulnerability and security tools such as Wiz, Prisma Cloud, TwistLock, Aqua, StackRox (Red Hat ACS), Cloud Conformity, Tenable, or similar
• Experience securing cloud environments across AWS, Azure, Google Cloud Platform, and other major cloud providers (e.g., OCI, Alibaba)
• Strong knowledge of DevSecOps practices, including container security, Docker, and Kubernetes
• Experience integrating security into CI/CD pipelines and the software development lifecycle (SDLC)
• Proven ability to perform risk-based vulnerability assessments and communicate impact to technical and non-technical stakeholders
• Experience developing automation to improve security operations and remediation efficiency
• Strong understanding of security frameworks, risk models, and industry best practices
• Demonstrated ability to operate in a complex, matrixed environment—leading initiatives, influencing stakeholders, and driving outcomes
• Strong analytical, problem-solving, and communication skills

Nice To Haves

• Bachelor’s degree in Information Security, Computer Science, or a related field
• Experience with application security testing tools (SAST, DAST, IAST, SCA)
• Familiarity with programming languages such as Python, Java, or JavaScript
• Experience with CI/CD tools such as Jenkins, GitLab CI/CD, or CircleCI
• Experience in a regulated industry such as healthcare, financial services, or government
• Relevant certifications such as CISSP, CISM, or similar

Responsibilities

• Lead the strategy and continuous evolution of a best-in-class cloud vulnerability management program, advancing automation, analytics, and risk-based prioritization to improve detection and remediation outcomes
• Design and implement scalable strategies, workflows, and procedures for identifying, assessing, prioritizing, remediating, and reporting vulnerabilities across public and private cloud environments
• Partner with cloud architecture, engineering, and application development teams to maintain comprehensive visibility into vulnerabilities and drive timely risk reduction across large-scale cloud environments
• Integrate security best practices and governance into cloud development processes, enabling secure-by-design development and DevSecOps adoption
• Deliver and continuously enhance vulnerability and remediation metrics, using KPIs to demonstrate program effectiveness, reduce risk, and drive accountability
• Develop and execute integration and automation strategies across multiple vulnerability management and cloud security toolsets
• Perform risk-based technical assessments to evaluate exposure and recommend mitigation strategies
• Monitor security alerts and advisories and coordinate cross-functional response to ensure vulnerabilities are properly addressed
• Analyze vulnerability data to identify trends, emerging risks, and opportunities to strengthen security posture
• Translate technical risks into clear, business-aligned insights, effectively communicating urgency and impact to technical and non-technical stakeholders
• Lead cross-functional discussions, build consensus, and influence stakeholders across engineering and business teams to accelerate remediation outcomes
• Communicate program status, priorities, risks, and progress to leadership and key stakeholders, including accomplishments, blockers, and next steps
• Stay current on emerging threats, vulnerabilities, and industry best practices to continuously improve program effectiveness

Benefits

• medical
• vision
• dental
• well-being and behavioral health programs
• 401(k)
• company paid life insurance
• tuition reimbursement
• a minimum of 18 days of paid time off per year
• paid holidays
• leaves of absence