About the position
The vulnerability manager will be responsible for managing the full lifecycle of security vulnerabilities, from discovery to remediation. They will use various tools to identify and prioritize vulnerabilities, ensuring that IT systems are regularly updated and secure. The role also involves reporting on vulnerability and patching status, as well as responding to critical vulnerabilities. The vulnerability manager will work closely with the Head of Information Security and other stakeholders to achieve and maintain compliance with information security standards.
Responsibilities
- Manage the full lifecycle of security vulnerabilities from discovery to remediation
- Identify and classify vulnerabilities using various tools
- Prioritize vulnerabilities and manage the implementation of remedial patching or alternative solutions
- Provide management reporting on vulnerability and patching status
- Respond to critical vulnerabilities to secure the estate
- Create and maintain patching schedules for various systems and applications
- Manage an offshore vulnerability remediation resource
- Ensure operating system patching schedules are implemented across the estate
- Make recommendations to minimize risk for components that are end of life and no longer receive security updates
- Operate and manage vulnerability tools and supplier services
- Achieve and maintain compliance with information security standards
- Collaborate with various stakeholders including the Head of IT Delivery, Agilisys Shared services Head of Information Security, client senior IT and information assurance management, service delivery managers, service team managers, and project managers
- Possess good knowledge of Vulnerability Management and associated tools, processes, and reporting
- Have experience working with recognized IT Security standards and frameworks such as PCI-DSS, ISO27001, NIST CSF, GovS 007, and Cyber Essentials
- Desirable: Proven experience in staff/team management
- Desirable: Possess certifications such as CompTIA Security+, CompTIA Network+, CISM, CISSP, CCSP, or similar
- Desirable: Familiarity with ITIL service standards and associated training, certification, and experience
Requirements
- Good knowledge of Vulnerability Management and use of associated tools, processes, and reporting
- Experience within Local Government or a large company
- Management of remote or offshore operations services
- Experience of working with recognized IT Security standards and frameworks such as PCI-DSS, ISO27001, NIST CSF, GovS 007, and Cyber Essentials
- Desirable: Proven experience of staff/team management
- Desirable: CompTIA Security+, CompTIA Network+, CISM, CISSP, CCSP, or similar certification and training
- Desirable: Familiarity with working to ITIL service standards and associated training, certification, and experience
Benefits
- Enhanced Pension Scheme
- Health Insurance
- Life Assurance
- Access to exclusive discounts and offers through the company's "Perks at Work" scheme
- 25 days annual leave (with the option to buy more)