INTRODUCTION
At Burberry, we believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers and our communities. This is the core belief that has guided Burberry since it was founded in 1856 and is central to how we operate as a company today.
We aim to provide an environment for creative minds from different backgrounds to thrive, bringing a wide range of skills and experiences to everything we do. As a purposeful, values-driven brand, we are committed to being a force for good in the world as well, creating the next generation of sustainable luxury for customers, driving industry change and championing our communities.
JOB PURPOSE
The Burberry Cyber Security Operations team is globally responsible for Security Monitoring, Incident Response, Vulnerability Management and Attack Surface Management. The Vulnerability Manager, reporting to Director - Cyber Security Operations, plays a key role in overseeing the identification, prioritisation and remediation of vulnerabilities across the Burberry Global IT estate.
RESPONSIBILITIES
The Vulnerability Manager will be responsible for:
1. Leading and maintaining the Vulnerability Management programme and services.
2. Reporting and tracking key performance indicators and metrics to measure the effectiveness of the Vulnerability Management programme.
3. Developing and maintaining clear processes and procedures related to vulnerability management.
4. Collaborating with wider IT teams to develop remediation plans and support patch management activities/programmes.
5. Tracking the progress of remediation efforts according to established SLA's.
6. Staying up to date with the latest vulnerabilities and exploits, escalating remediation where required.
7. Leveraging Threat Intelligence and other factors to prioritize critical vulnerabilities.
8. Preparing and presenting monthly reports of Security Posture and Vulnerabilities Management status.
9. Participating in Cyber Security Incident Response activities where required.
PERSONAL PROFILE
1. Working towards relevant academic or industry qualifications such as CEH, CISSP, CISM, CISA.
2. Demonstrating experience of leading and managing Vulnerability Management functions.
3. Being passionate about service/security and keeping up to date on the latest news and trends.
4. Being an IT Security Professional with experience across a broad set of security domains.
5. Demonstrating the ability to distil complex, often technical, security issues to a variety of audiences.
Mandatory:
1. Experience with Vulnerability Assessment technologies, such as Qualys, Tanium, Wiz.
2. Demonstrating in-depth knowledge and experience of the following operating systems: Windows Server, Unix/Linux, Windows Desktop, MacOSX.
3. Demonstrating in-depth knowledge and experience in at least two of the following platforms: AWS, Azure, Microsoft 365.
4. Experience with developing and assuring Secure Build Standards.
5. Proficiency in multiple scripting languages, e.g., PowerShell, Python, etc.
6. Experience with data visualisation, BI and reporting suites.
Desirable:
1. Relevant academic or industry qualifications such as CEH, CISSP, CISM, CISA.
2. Experience with Security Information Event Management Solutions and Orchestration/Automation.
3. Data Science experience working with large data sets.
4. Experience building Security Detection Logic, SPL/YARA.
Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience. #J-18808-Ljbffr