Program Manager - Exposure Management

Southern Company
Atlanta, GA
Hybrid

About The Position

Southern Company is seeking a highly organized, execution-focused Program Manager to help drive delivery and operational effectiveness across the enterprise Exposure Management program. This role will report to cybersecurity leadership and serve as an operational lead, ensuring strategic priorities are translated into clear plans, measurable outcomes, and reliable execution. This is a primarily on-site role with 4 days per week in-office presence expected.

This position directly supports Southern Company’s mission to identify, prioritize, and reduce cyber risk across its critical electric and gas utility infrastructure, operational technology environments, enterprise IT systems, and digital assets. The role partners closely with Cybersecurity, Technology, Infrastructure, Application teams, and business stakeholders to enable cross-functional alignment and consistent delivery of exposure reduction efforts.

The Exposure Management Program Manager will coordinate and drive execution across a portfolio of initiatives focused on vulnerability management, CTEM, exposure validation, attack surface visibility, prioritization, remediation tracking, and continuous improvement. This role is expected to help operationalize Continuous Threat Exposure Management (CTEM) efforts by connecting visibility, prioritization, validation, mobilization, and remediation activities into a repeatable program.

Success in this role requires strong program management fundamentals (planning, governance, stakeholder alignment, metrics, and continuous improvement) combined with the ability to operate in a highly regulated, mission-critical enterprise environment. This role ensures disciplined delivery through clear roadmaps, defined milestones, and outcome-based measurement to achieve predictable results and ongoing exposure management maturity.

Requirements

  • Proven experience managing cybersecurity or technology programs for large‑scale enterprise initiatives.
  • 5+ years of experience in program management, cybersecurity operations, or technology delivery roles.
  • Experience coordinating or supporting exposure management capabilities such as vulnerability management, CTEM, attack surface management, remediation governance, validation, or risk prioritization programs.
  • Strong understanding of exposure management and CTEM concepts across on-prem, cloud, SaaS, OT, and hybrid environments.
  • Familiarity with validation practices such as offensive security testing, purple teaming, exposure validation, or control effectiveness assessments.
  • Demonstrated ability to manage cross‑functional workstreams, dependencies, and competing priorities.
  • Communication and organizational skills, with the ability to produce executive‑ready status updates and reporting.
  • Ability to operate effectively in a matrixed organization without direct authority.
  • Ability to work effectively in a highly regulated environment with strong attention to governance, risk reduction, and operational discipline.

Nice To Haves

  • Experience supporting or coordinating vulnerability management, CTEM, attack surface management, validation, or remediation governance programs.
  • Familiarity with risk-based prioritization approaches and exposure scoring models.
  • Experience developing program dashboards, KPIs, and operational reporting.
  • Experience coordinating exposure management initiatives with security operations, threat intelligence, validation, or GRC teams.
  • Exposure to continuous offensive security or validation programs that inform exposure prioritization and remediation outcomes.
  • Familiarity with vulnerability prioritization, remediation tracking, and attack surface visibility practices.
  • Experience supporting or securing highly regulated or critical infrastructure environments.
  • Working knowledge of vulnerability lifecycle processes, remediation coordination, and exposure reporting best practices.

Responsibilities

  • Execute the enterprise Exposure Management and CTEM program roadmap in alignment with strategic direction set by cybersecurity leadership.
  • Manage integrated program plans across vulnerability management, CTEM, exposure assessment, validation, remediation, and reporting initiatives, including milestones, dependencies, risks, and delivery timelines.
  • Establish and maintain program operating rhythms, including status reporting, risk and issue management, and action item tracking.
  • Implement and maintain operating models, workflows, and procedures to support effective and repeatable exposure management program execution.
  • Coordinate cross-functional delivery efforts across Cybersecurity, Technology, Infrastructure, Application, and business teams to ensure alignment and timely execution.
  • Ensure initiatives are operationally ready prior to scale or enforcement, including documented processes, escalation paths, communications, and stakeholder alignment.
  • Support enterprise efforts to define, implement, and govern risk-based prioritization models for vulnerabilities and exposures across on-prem, cloud, OT, and hybrid environments.
  • Support the design and execution of CTEM operating rhythms by coordinating activities across visibility, prioritization, validation, mobilization, and remediation functions.
  • Partner with validation and offensive security teams to support continuous testing efforts that confirm whether prioritized exposures are exploitable, materially impactful, and appropriately remediated.
  • Coordinate continuous offensive security validation activities, including purple team style assessments, adversary emulation informed testing, or other validation efforts that improve confidence in exposure prioritization and remediation decisions.
  • Drive ongoing maturity of exposure management capabilities by coordinating adoption, tuning, and remediation workflows to reduce risk while minimizing business friction.
  • Coordinate remediation activities for identified exposures, including vulnerabilities, misconfigurations, unsupported assets, weak controls, and externally visible risks.
  • Partner with security operations, threat intelligence, validation, and offensive security teams to support exposure triage, prioritization, escalation workflows, and continuous validation of control effectiveness.
  • Develop and maintain program metrics, dashboards, and reporting related to delivery progress, operational effectiveness, and exposure reduction outcomes.
  • Support governance, change management, and exception processes for exposure management policies, standards, and enforcement actions.
  • Promote a culture of accountability, collaboration, and continuous improvement across exposure management program stakeholders.

Benefits

  • Competitive base salary
  • Annual incentive awards for eligible employees
  • Health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being
  • Additional compensation, such as an incentive program