Threat and Vulnerability Program Manager

About The Position

Requirements

• 10 years of cybersecurity experience, with 3 to 5 years in vulnerability management
• Strong expertise across cloud (AWS, Azure, GCP), on-premise, and application environments
• Experience with tools such as Tenable, and native cloud scanning technologies
• Strong knowledge of risk frameworks (e.g., NIST, ISO, CVSS)
• Bachelor’s degree in Computer Science, Engineering, Cyber Security, or related experience
• Excellent analytical, communication, and stakeholder engagement skills
• Bachelor’s degree in related field, such as Business, IT, Computer Science or related experience
• Knowledge of IP network infrastructure (firewalls, intrusion detection/prevention), access control, data encryption and on-prem and cloud security
• Excellent communication skills, including the ability to communicate effectively in English, both written and verbal
• Ability to present complex topics in clear, non-technical language
• Ability to work collaboratively within team and across business and technology functions
• Detail-oriented individual with critical thinking, analytical, and problem-solving skills
• Demonstrated ability to be proactive and take ownership of and solve problems
• Ability to handle multiple assignments concurrently within an iterative environment
• Deep capability in applying risk principles to the business environment.
• Ability to clearly articulate risk concepts and results to business leaders and navigate collaborative and informed decision making.
• Can effectively connect with both technical and non-technical staff.
• Ability to translate sophisticated technical concepts into plain English and present them in a way that decision-makers can understand.
• Positive influencing skills both verbally and through the preparation of written materials in order to build relationships, influence and negotiate.
• Strong project management and delegation skills in prioritizing and reprioritizing projects of various size and complexity across multiple functional groups and departments.

Nice To Haves

• One or more of the following certifications such as: CISSP, CRISC, CISA, CompTIA CySA+
• 5+ years of prior experience in a related field (media, entertainment, business development or streaming services industry experience a plus)
• Familiarity with streaming and similar products/services
• Experience working in a national, global company, Federal agency, or a major university
• Proficiency in vulnerability scanning tools and understanding of common vulnerabilities

Responsibilities

• Lead GU’s program for managing vulnerabilities across on-prem infrastructure, cloud and applications; guiding the process from finding vulnerabilities, to mitigating risk.
• Manage GU’s vulnerability scanners and MSSP to make sure scans are thorough and results are prioritized by how risky they are; assist and direct the process of resolving vulnerabilities and report on the status; and verify that the actions taken to fix them are working
• Analyze Security Findings to evaluate the effectiveness of existing security measures and recommend improvements
• Drive vulnerability remediation with asset owners inline with established risk mitigation SLA’s.
• Incorporate vulnerability risk into the broader GU risk oversight framework, continuously evaluating the risk associated with the state of remediation SLA compliance.
• Oversee vulnerability scanning activities across the enterprise, including automated, authenticated, and manual assessments.
• Define and apply risk-based classification standards for vulnerabilities using CVSS and contextual asset/business impact.
• Maintain dashboards and reporting for vulnerability risk metrics.
• Establish SLAs for remediation, drive accountability, and verify remediation effectiveness.
• Integrate vulnerability management into broader risk oversight and UISO governance.
• Collaborate with DevSecOps, product engineering, and infrastructure teams to embed remediation into operational workflows.
• Provide briefings on Vulnerability Analyst/Findings
• Drives necessary security changes through steering groups and control (review) boards to meet Risk Management milestones
• Develops risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals, and business processes.
• Evaluate security solutions and implementation strategies for Program IT systems and services and maintain operational security posture of development, integration, and deployed capabilities.
• Stay updated to the latest security threats, vulnerabilities and industry best practices to enhance our security framework

Benefits

• Georgetown University offers a comprehensive and competitive benefit package that includes medical, dental, vision, disability and life insurance, retirement savings, tuition assistance, work-life balance benefits, employee discounts and an array of voluntary insurance options.
• You can learn more about benefits and eligibility on the Department of Human Resources website.