Vulnerability Management and Cyber Controls Lead

Apollo Management Holdings•New York City, NY

About The Position

At Apollo, we’re a global team of alternative investment managers passionate about delivering uncommon value to our investors and shareholders. With over 30 years of proven expertise across Private Equity, Credit, and Real Estate, we’re known for our integrated businesses, strong investment performance, and value-oriented philosophy — all powered by our people. Role Overview Apollo is seeking a Vulnerability Management and Cyber Controls Lead to join our dynamic and growing Cybersecurity organization. This individual will own and evolve the firm’s global Vulnerability Management (VM) program — driving continuous improvement toward a best-in-class capability. This is a technical and hands-on role, responsible for end-to-end processes spanning external exposure management, imminent threat response, vulnerability identification and prioritization, and facilitation of remediation across infrastructure, applications, and cloud environments. The ideal candidate combines deep technical expertise with strategic vision — able to design, operate, and improve scalable, data-driven solutions that strengthen Apollo’s overall security posture.

Requirements

7+ years of experience in Cybersecurity, Infrastructure Security, or Vulnerability Management.
Technical proficiency across network, system, and application layers — including scanning methodologies, asset discovery, and exploit analysis.
Hands-on experience operating and tuning vulnerability management tools (e.g., Tenable.io, Qualys VMDR, Rapid7 InsightVM) and discovery utilities (e.g., Nmap, SSLScan, Shodan, or custom scripts).
Experience leveraging threat intelligence and CVSS/CISA/EPSS data for vulnerability prioritization.
Strong understanding of cloud infrastructure (AWS, Azure, GCP) and modern application stacks.
Proficiency in scripting or automation (e.g., Python, PowerShell, Bash) and query-based data analysis (SQL, Excel, or equivalent).
Demonstrated success in building and optimizing technical processes at scale; experience designing metrics, dashboards, and analytics (Tableau, PowerBI, or similar).
Ability to partner across technical and business teams, influence remediation activities, and communicate risk in clear, actionable terms.
Knowledge of IT processes, secure configuration baselines, and control frameworks (CIS, NIST, ISO, FFIEC).

Nice To Haves

Experience in financial services or other highly regulated environments preferred.
Consulting or architecture background a plus.

Responsibilities

Own and mature the global Vulnerability Management program, covering external exposure, imminent threats, vulnerability identification and prioritization, and remediation facilitation.
Serve as the technical subject matter expert for vulnerability management tools and processes (e.g., Tenable, Qualys, Rapid7, or equivalent).
Continuously assess and improve VM processes to achieve best-in-class coverage, efficiency, and visibility.
Leverage automation, analytics, and threat intelligence to enhance accuracy and reduce remediation timelines.
Operate and optimize scanning platforms, discovery tooling, and reporting pipelines to ensure comprehensive asset visibility.
Partner with Infrastructure, Engineering, Application, and Cloud teams to drive effective risk reduction across environments.
Lead critical vulnerability identification and response exercises, including analysis of zero-day or imminent threats.
Develop and maintain metrics, dashboards, and executive-level reporting on vulnerability posture, remediation progress, and program maturity.
Collaborate with Enterprise Risk, Internal Audit, and Application Security teams to ensure alignment with firm-wide risk management practices.
Maintain ownership of service delivery quality, issue resolution, and stakeholder communication.
Stay current with industry trends, threat intelligence, and evolving tools to proactively strengthen Apollo’s defenses.