IT Manager Vulnerability Management

Ulta Beauty, Inc.
Bolingbrook, IL
1d · Hybrid

About The Position

Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability—and is recognized that way. We’ve been defined as a “mature start-up.” A place where interdepartmental exposure, open doors, and genuine collaboration are ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are. We’re engineering for the future of retail, and it’s no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip-smart colleagues who will press you daily for your very best, you’ll find that virtually nothing’s impossible at Ulta Beauty.

THE IMPACT YOU CAN HAVE:

The IT Manager – Vulnerability Management is responsible for leading the organization’s efforts to identify, assess, and remediate vulnerabilities across IT systems, applications, and infrastructure. This role works closely with cross-functional teams—including Application Development, Infrastructure, Security Operations, and Risk Management—to ensure the company’s digital assets are protected against evolving threats and comply with all applicable regulations.

Key responsibilities include developing and executing vulnerability management strategies, overseeing vulnerability scanning and assessment processes, and coordinating timely remediation activities. The manager will monitor external sources for emerging vulnerabilities, produce actionable reports for technical teams and leadership, and integrate vulnerability intelligence into security operations. The role will mentor and develop team members, foster collaboration with internal and external partners, and deliver clear, actionable briefings to leadership.

The role requires strong project management skills, the ability to translate technical findings into business risk language, and a commitment to maintaining compliance with regulatory requirements (such as SOX, PCI DSS, and privacy laws).

Requirements

  • Bachelor's degree in Computer Science, CIS, or equivalent professional experience
  • 8+ years of IT experience in a technology position with a broad knowledge of IT hardware and software
  • 5 years’ experience managing technology teams
  • 5+ years’ experience as an IT security administrator / security technician
  • Knowledge of IT security concepts, compliance, principles, and tools
  • Ability to understand business needs; ability to establish and maintain a high level of business partner trust and confidence in ITRM’s concern for end users and other stakeholders
  • Ability to work in a team in diverse / multiple-stakeholder environments
  • Ability to follow up, follow through, and deliver timely results
  • Excellent analysis/troubleshooting skills, able to solve problems efficiently
  • Excellent communication skills; feels comfortable working with non-technical business partners
  • Able to motivate others to drive desired results
  • Strong experience in establishing business processes
  • Demonstrated ability to present recommendations to senior leaders for effective decision making
  • Work with production support and project consultants in an onshore / offshore model
  • Proven track record of delivering high quality solutions on time and on schedule
  • Flexibility to provide support during odd hours, weekends, and peak seasons
  • Minimal travel required (training/conferences)

Nice To Haves

  • Retail industry experience preferred

Responsibilities

  • Project Management: Defines, documents, and carries out small projects. Carries out project approach with stakeholders, and prepares realistic plans (including quality, risk and communications plans) and documents activities against the project schedule, liaising with stakeholders as appropriate.
  • Information Security: Develops and communicates corporate information security policy, standards and guidelines. Contributes to the development of organizational strategies that address information control requirements. Evaluates and monitors environmental and market trends and proactively assesses impact on business strategies, benefits and risks. Manages the provision of authoritative advice and guidance on the requirements for security controls in collaboration with experts in other functions, e.g. legal, technical support. Ensures architectural principles are applied during design to reduce risk and drives adoption and adherence to policy, standards and guidelines.
  • Relationship Management: Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans. Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to.
  • Problem Management: Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Ensures that such problems are fully documented within the relevant reporting system(s). Leads the development of problem solutions. Coordinates the implementation of agreed remedies and preventative measures. Evaluates patterns and trends.
  • Resourcing: Develops plans to ensure that the organization has appropriately skilled resources to meet organizational objectives and commitments. Manages the effective implementation of resource planning, recruitment, selection, assessment, on-boarding and transitioning of resources. Evaluates standards, methods and tools for resource management. Ensures compliance with relevant statutory or external regulations and codes of good practice. Promotes the development of resource management policies, standards and guidelines as well as audits and assessment of resource management processes.
  • Create security plans, policies, standards and training that prepare the organization to respond efficiently and effectively to vulnerabilities.
  • Develop, implement, and maintain the organization’s vulnerability management program, including policies, procedures, and standards for identifying, assessing, and remediating vulnerabilities across all IT assets.
  • Oversee regular vulnerability scanning and assessment activities for infrastructure, applications, cloud environments, and networks; ensure timely and effective remediation of identified risks.
  • Coordinate with IT, application development, infrastructure, and security operations teams to prioritize and remediate vulnerabilities based on risk and business impact.
  • Monitor external sources for emerging vulnerabilities, threat actor activity, and campaigns; produce actionable intelligence and reports for technical teams and leadership.
  • Lead the selection, deployment, and optimization of vulnerability management tools and platforms, ensuring comprehensive coverage and automation of detection and remediation processes.
  • Track and report on vulnerability management metrics, remediation progress, and overall security posture to executive leadership; translate technical findings into business risk language.
  • Ensure compliance with regulatory requirements (SOX, PCI DSS, privacy laws) and participate in internal/external audits related to vulnerability management.
  • Coordinate and lead incident response actions related to vulnerabilities, including assessment, containment, mitigation, and documentation across teams.
  • Support forensic investigations and vulnerability remediation, applying findings to strengthen system security and reduce exposure.
  • Mentor and develop vulnerability management analysts and engineers, fostering continuous learning and professional growth.
  • Automate and optimize vulnerability detection, alert triage, and remediation workflows to reduce false positives and accelerate incident resolution.
  • Facilitate cross-functional collaboration with SOC, IR, engineering, and risk teams to ensure vulnerability management outcomes are actionable and aligned with business needs.
  • Remain current on industry best practices, emerging threats, and new technologies in vulnerability management; continuously improve processes based on feedback and lessons learned.
  • Coordinate staff when responding to urgent issues and findings.
  • Control budgets for vulnerability management and monitor expenses.
  • Attend meetings with other managers to determine operational needs.
  • Participates in and contributes to information security-related internal / external audits.
  • Remain aware of and apply industry best practices in security techniques.
  • Performs other duties as assigned.

Benefits

  • Full-time positions are eligible for paid time off, health, dental, vision, life and disability benefits.
  • Part-time positions are eligible for dental, vision, life, and disability benefits.