Senior Specialist, IT Vulnerability Management

CMHC - SCHL
Montreal, QC
Hybrid

About The Position

Join the IT Security Operations Team in the Senior Specialist, IT Vulnerability Management position. In this role you will be responsible for designing, governing, and continuously improving the enterprise Vulnerability Management program. You will ensure that technology vulnerabilities are identified, prioritized, communicated, and remediated in alignment with the organization’s risk tolerance, security strategy, and regulatory obligations. The role provides expert-level advisory services to senior management and ensures that vulnerability risks are effectively managed across infrastructure, applications, cloud, and third-party environments.

Requirements

  • A bachelor’s degree in information technology, cybersecurity, or a related field. An equivalent combination of education and/or experience may be considered.
  • An advanced security certification is required (e.g., CISSP, CISM, or equivalent).
  • A minimum of 7 to 10 years of progressive experience in information security, including vulnerability management or risk management.
  • Demonstrated experience advising senior leadership and influencing enterprise-level decisions.
  • Experience designing and governing security programs.

Responsibilities

  • Own the enterprise Vulnerability Management strategy, framework, standards, and operating model.
  • Define vulnerability risk scoring, prioritization, and exception handling aligned with enterprise risk management practices.
  • Ensure vulnerability management practices align with recognized frameworks (e.g., ISO 27001/27002, NIST, ITSG‑33).
  • Maintain accountability for the effectiveness and outcomes of vulnerability management services, including third‑party providers.
  • Translate technical vulnerability findings into clear, business‑relevant risk insights for senior leadership.
  • Advise on vulnerability risk acceptance, remediation prioritization, compensating controls, and security implications of new technologies and architectures.
  • Define, track, and report on vulnerability management KPIs and KRIs, including executive‑ and board‑level reporting on exposure, trends, and remediation effectiveness.
  • Lead and collaborate across security, IT, application, and infrastructure teams; mentor specialists and engage with vendors, auditors, and regulators as required.

Benefits

  • Annual paid vacation.
  • Annual individual performance incentive.
  • Defined benefit pension plan.
  • Comprehensive group insurance plan to support your well-being from day one.
  • Support towards your personal and professional growth with training, mentorship and more.
  • An inclusive workplace culture and environment.