Senior Security Manager, Vulnerability Management & Remediation (Hybrid)

About The Position

Requirements

• Proven track record of implementing large scale VMR program and ensuring customer success
• Subject matter expertise in Vulnerability Management Lifecycle - asset discovery, internal/external scans, contextualization and risk-based assessment, triaging of CVEs, detection authoring, security data pipeline, reporting, and remediation through automation at scale.
• Hands-on experience in managing compliance (PCI, NYDFS, SOX etc.) for vulnerability management
• Identified as someone who genuinely cares about others and invests time and attention in career counseling others, focusing time and energy in encouraging associates to continue to grow and stretch into new roles or gain experience or skillsets needed to prepare for future roles
• Working with executive leadership across cross-functional organizations
• 10+ years of hands-on security and software engineering experience
• 8+ years of experience with end-to-end Vulnerability Management lifecycle, including asset discovery, scanning, CVE triage, risk-based prioritization, remediation, and reporting at enterprise scale.
• 8+ years of experience building and leading high-performing security engineering teams, with a strong focus on coaching, execution, and delivery of large-scale programs.
• Hands-on background in security and software engineering, including secure coding practices, DevSecOps, automation, and building scalable systems in hybrid or cloud environments.
• Demonstrated ability to drive enterprise-wide VMR programs, partnering with product, infrastructure, and executive leadership to influence strategy and outcomes.
• Strong understanding of regulatory and compliance requirements (e.g., PCI, SOX, NYDFS) and the ability to operationalize controls beyond baseline compliance.

Responsibilities

• Create vision, charter, and roadmap for Vulnerability Management and Remediation that aligns with industry best practices.
• Lead a team of security engineers in the execution of GEICO’s security strategies and action plans.
• Oversee the risk assessment and prioritization of security vulnerabilities within services, applications, and infrastructure.
• Collaborate with technology engineering, product management, and other stakeholders to integrate security tooling across the ecosystem.
• Participate in the enhancement of security awareness and train developers and other relevant staff in secure coding practices.
• Establish metrics and regular reporting mechanisms for measuring security status and the effectiveness of the VMR security tooling.
• Keep abreast of the latest security regulations, advisories, alerts, and vulnerabilities pertaining to the company and its mission.
• Identify and raise appropriate project risks, in addition to presenting detailed and implementable solutions or alternatives.
• Report on your team’s progress for project and other key metrics, in addition to presenting detailed and implementable ideas for areas to further improve or influence security deliveries
• Initiate and support performance evaluation of team members
• Cultivate a culture that motivates all levels of performers to higher levels of achievement
• Execute change management processes and best practices, adapting approach as necessary

Benefits

• Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
• Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
• Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
• Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.