Senior Manager, Threat Management

Wintrust Financial Corporation•Rosemont, IL

2d•Hybrid

About The Position

Wintrust Financial is seeking a highly experienced Senior Manager of Threat Management, within its Cybersecurity organization. This leader will be responsible for oversight of Application Security, Vulnerability Management as distinct teams and third-party network/application penetration testing as an incumbent function of both programs. This role will report directly to the VP of Security Engineering and Threat Management. This senior leadership role is responsible for the oversight and continuous advancement of maturity across three core functions within Threat Management: Secure Development, Security Testing and Scanning, and Remediation Consulting. The position focuses on embedding security into the software development lifecycle, strengthening vulnerability identification and prioritization processes, and delivering expert guidance on remediation to mitigate risks in alignment with financial services regulatory requirements and industry best practices. The successful candidate will bring 7–10 years of progressive experience in cybersecurity, with demonstrated expertise in leading and managing application security, threat management, or vulnerability programs. Experience implementing guardrails and controls for use of LLM’s within the software development lifecycle or AI in any automation capacity is considered a plus. Programmatic use or incorporation of AI/LLM’s is encouraged as part of future state program strategy.

Requirements

Bachelor’s degree or equivalent experience
7-10 years of related experience
Strategic program leadership experience with cross-functional collaboration with development, engineering, and business teams as well as the delivery of measurable improvements in the overall security posture
Strong communication and technical literacy around attack paths and vulnerability processes

Nice To Haves

Experience implementing guardrails and controls for use of LLM’s within the software development lifecycle or AI in any automation capacity is considered a plus.
CISSP, CSSLP, CISM, OSCP, GPEN, GWAPT or equivalent highly desirable

Responsibilities

Oversight and advancement of Secure Development practices, including SAST, DAST, SCA, IaC, API security, Threat Modeling, and integration into the Secure Development Lifecycle (SDLC)
Establish a 'Security Champions' program and lead tailored secure-code training initiatives to reduce recurring vulnerability patterns and foster a security-first culture among engineering teams
Develop and enforce enterprise application security standards and secure coding guidelines to corresponding application development and DevOps teams
Leadership of Security Testing and Scanning activities, encompassing Vulnerability Identification and Discovery, Risk Evaluation and Prioritization (using frameworks such as CVSSv3), Security Control Verification, Scan Operations, and Offensive Penetration Testing
Direct the execution of continuous security scanning and periodic penetration testing programs, ensuring comprehensive visibility into the external attack surface and internal infrastructure
Consulting services, including Patching guidance and governance, code refactoring, Configuration hardening, verification, and fix validation
Develop a repeatable process for ingesting, normalizing and third-party penetration test findings and coordinating with IT leaders on remediation expectations and minimizing risk tolerance incurrence