Manager, Vulnerability Management

Job Summary The Vulnerability Management Manager is responsible for identifying, assessing, prioritizing, and driving remediation of security vulnerabilities across the organization's infrastructure, applications, and endpoints. This role partners closely with IT operations, engineering, architecture, and security teams to ensure timely patching, risk reduction, risk remediation, and compliance with security standards and regulatory requirements. The role requires an individual with strong communication and organizational skills, and the technical capability to understand, interpret, and prioritize vulnerability findings. Responsibilities Leads and manages the Vulnerability Management program Oversee strategic development of the team, including general administrative tasks such as employ work schedules, delegating responsibilities, and ensure team is meeting goals as defined by the Product and Technology organization Develop and oversee a patch management program Communicates key findings, road blockers, major risks etc. to the Vulnerability Management Steering Committee and corporate leadership in a timely manner, as required Fulfils all compliance and audit responsibilities, as related to the position Develops and drives program strategy, roadmap, and objectives, in alignment with organizational policies and goals Establishes workstream and communication channels between relevant teams such as Threat Intelligence and Security Operations Center Evaluates and adjust current program framework, on an annual basis, to ensure security controls enforced are in alignment with industry and organization best practices Administration of vulnerability management reporting and tracking tools, including maintaining integrations with on prem, cloud, and code vulnerability management platforms Participate in additional projects and tasks, at the direction of Security Leadership Qualifications Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience Minimum 8 years of experience in vulnerability management, patch management, or security operations At least one security certification such as Security+, CISSP, CEH, GSEC, or equivalent Strong understanding of operating systems (Windows, Linux), networking, and enterprise infrastructure Experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, CrowdStrike Exposure Management) Familiarity with patch management tools and platforms (e.g., SCCM, Intune, WSUS, JAMF, Ansible) Knowledge of

CVE, CVSS, NIST, CIS

benchmarks, and common threat vectors Ability to clearly communicate technical risk to non-technical stakeholders, by assessing and focusing on business impact Experience supporting compliance frameworks (ISO 27001, SOC 2, PCI DSS,) Experience with cloud platforms and cloud-native vulnerability tools, as well as code platforms