Senior Associate - Patch & Vulnerability Operations Lead

About The Position

Requirements

• 10+ years in IT Operations, Infrastructure, Security Engineering, SRE, or Vulnerability Management, with experience leading cross-functional remediation programs.
• Strong understanding of vulnerability scanning, patching, change, exception, asset inventory, and remediation governance.
• Experience with Qualys, Tanium, ServiceNow/Jira, CMDB, dashboarding, executive reporting, and SLA management.
• Ability to influence senior stakeholders and drive decisions across Technology, Security, Risk, and Application teams.

Nice To Haves

• Financial services or regulated-industry experience.
• Familiarity with cloud security posture, container security, DevOps, CI/CD, and application security integrations.
• Certifications such as CISSP, CISM, CRISC, ITIL, cloud security, or SRE-related credentials.

Responsibilities

• Own the enterprise patch and vulnerability remediation operating model across on-prem, cloud, endpoint, and application-dependent environments.
• Define and enforce intake, triage, severity lanes, remediation SLAs, escalation paths, exception handling, and closure evidence standards.
• Chair daily and weekly remediation governance forums; drive accountability across resolver teams and surface blockers for executive action.
• Design the centralized workflow that connects scanning, asset ownership, patch execution, change coordination, validation, and executive reporting.
• Triage findings from Qualys, Tanium, security alerts, vendor advisories, threat intelligence, and exception requests.
• Prioritize remediation by severity, exploitability, exposure, business criticality, compensating controls, and regulatory/audit impact.
• Ensure every finding has an accountable owner, target date, remediation path, and documented status.
• Manage zero-day, Critical VIT, High, Medium, Low, and priority patch lanes, including 24-hour, 3-day, and 6-day accelerated cycles.
• Produce executive dashboards covering backlog, aging, SLA adherence, mean time to closure, patch success rate, rollback count, exception aging, ownerless assets, and automation coverage.
• Translate technical remediation risk into business impact, escalation decisions, and leadership actions.
• Partner with Risk, Security, Audit, and Technology leadership on evidence quality, control maturity, and remediation accountability.
• Coordinate endpoint, infrastructure, cloud, and application remediation dependencies across CIO teams, SREs, DevOps, and vendors.
• Escalate blocked remediation caused by application validation, reboot approvals, access constraints, tooling gaps, vendor delays, or production sign-off issues.
• Partner with automation teams to reduce manual validation and increase evidence capture.
• Set remediation expectations, SLA timelines, status reporting standards, and evidence requirements for in-scope vulnerabilities.
• Require remediation plans, target dates, owner assignment, and time-bound exception requests from infrastructure, endpoint, cloud, and application teams.
• Escalate missed deadlines, unresolved blockers, unmanaged risk, and unsupported exceptions through formal governance channels.

Benefits

• leave programs
• adoption assistance
• student loan repayment programs