About The Position

The Manager, Enterprise Vulnerability Management is responsible for the strategy, design, implementation, and continuous improvement of the enterprise-wide vulnerability management program. This role drives risk-based prioritization, remediation, and maturity of vulnerability processes across cloud, on-premises, containers, applications, endpoints, and infrastructure. This leader will manage a team of analysts and partner with security engineering, product, and leadership teams to reduce organizational risk from vulnerabilities while enabling secure and reliable operations.

Requirements

  • Bachelor's degree in computer science, information security, or equivalent experience, with 8+ years in information security and at least 3 years focused on vulnerability management
  • Proven track record building, scaling, or leading a vulnerability management program in a large, complex environment (multi-cloud, global, or high-scale tech/SaaS preferred)
  • Deep knowledge of vulnerability management tools and strong understanding of asset discovery, scanning methodologies, cloud security (AWS, Azure, GCP), containers, and modern infrastructure
  • Knowledge of relevant frameworks: NIST, FedRAMP, CIS, OWASP, ISO 27001
  • Excellent program management, leadership, and communication skills with the ability to drive complex cross-functional initiatives with measurable outcomes
  • Willingness to travel up to 5% as required

Nice To Haves

  • Relevant certifications: CISSP, CISM, CRISC, GIAC, CCSP, or vendor-specific
  • Experience with automation/scripting and integration with DevOps pipelines (e.g., CI/CD, ticketing systems, or orchestration tools)
  • Demonstrated fiscal responsibility and accountability in managing budgets
  • Superior ability to coach, mentor, and develop team members and identify future leaders
  • Strong business and technology acumen with the ability to engage and present effectively at the executive level

Responsibilities

  • Define, evolve, and execute the team-level and program execution strategy for enterprise vulnerability management aligned with business objectives (e.g., SOC 2, ISO 27001, NIST), including metrics, dashboards, and continuous improvement initiatives.
  • Oversee the end-to-end vulnerability management lifecycle including discovery, assessment, risk-based prioritization, remediation/mitigation, and verification using frameworks that combine technical severity with business impact.
  • Partner with engineering, IT, AppSec, and cloud teams to triage vulnerabilities from scanners, penetration tests, and bug bounties — removing blockers and ensuring accountability for remediation.
  • Build, document, and optimize processes for asset management, scanning, reporting, and tracking while identifying and driving automation opportunities to scale the program.
  • Provide executive-level reporting on program effectiveness, risk posture, trends, and key metrics, ensuring alignment with internal policies, industry standards, and audit requirements.
  • Lead, develop, and mentor a team of vulnerability management analysts, fostering accountability, personal growth, and a culture of continuous improvement.

Benefits

  • career development resources
  • wellbeing programs
  • innovation practices