Senior Manager - Information Security (Exposure Management)
CVS Health•Hartford, CT
•$118,450 - $284,280
About The Position
The Senior Manager, Exposure Management leads a team of remediation engineers responsible for reducing enterprise security risk across the organization’s technology environment. This role drives the end-to-end remediation program, ensuring timely mitigation of vulnerabilities while balancing operational stability, business priorities, and risk tolerance. The Senior Manager partners across security, infrastructure, and application teams to implement scalable, risk-based remediation strategies and improve overall exposure management effectiveness.
Requirements
- 7+ years of experience in cybersecurity, with at least 3+ years focused on vulnerability or exposure management
- 3+ years of people leadership experience, including managing technical teams and driving outcomes
- Hands-on experience with vulnerability management platforms (e.g., Qualys, Tenable, Rapid7, Wiz)
- Strong understanding of operating systems (Windows, Linux, macOS), networking concepts, and enterprise infrastructure
- Proven ability to apply risk-based decisioning in vulnerability prioritization and remediation
Nice To Haves
- Relevant industry certifications (e.g., CISSP, GIAC, CEH, Qualys VMDR) combined with strong analytical, problem-solving, and troubleshooting skills
- Experience with patching, configuration management, and remediation tools (e.g., SCCM, Ansible, Puppet) in large-scale environments
- Knowledge of secure coding practices and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25)
- Hands-on experience with scripting and automation (e.g., Python, PowerShell, Bash) to improve remediation efficiency
- Proven ability to manage enterprise-scale remediation programs in cloud or hybrid environments and clearly communicate technical risk to both executive and non-technical stakeholders
Responsibilities
- Lead enterprise-wide vulnerability remediation efforts and execute risk-based strategies using CVSS, exploitability, asset criticality, and business impact
- Drive cross-functional collaboration with security, engineering, cloud, and infrastructure teams to ensure effective and timely remediation outcomes
- Oversee remediation lifecycle management, ensuring vulnerabilities are prioritized, tracked, and resolved within defined SLAs
- Establish and enforce prioritization models, including exception handling, risk acceptance, and escalation of high-risk issues
- Deliver executive reporting on exposure trends, remediation performance, and overall risk posture
- Improve remediation processes, tooling, and automation to enhance efficiency and reduce false positives
- Ensure alignment with regulatory and compliance frameworks and support audits, risk assessments, and governance activities
Benefits
- medical
- dental
- vision coverage
- paid time off
- retirement savings options
- wellness programs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
Associate degree
