Head of Vulnerability Management is required by a leading financial technology and data science firm. The Head of Vulnerability Management will be responsible for leading a "greenfield" global vulnerability management programme, identifying, assessing, and mitigating vulnerabilities in systems, networks, and applications. This role blends technical expertise with operational management, requiring close coordination with internal stakeholders to ensure the timely and efficient remediation of vulnerabilities.
The role entails managing and overseeing both the technical aspects of vulnerability identification and prioritisation, as well as the non-technical side involving communication, and coordination with cross-functional teams to ensure timely patching and remediation, compliance and reporting. Your role will include evaluating vulnerabilities for exploitability, aligning patching schedules, and overseeing, and ensuring the integrity of pre- and post-patch checks. The position reports directly to the Head of Security.
* Lead the Vulnerability Management Programme: Oversee vulnerability scanning, analysis, prioritisation, and remediation efforts, ensuring alignment with corporate security goals and compliance.
* Stakeholder Coordination: Collaborate with IT, Cloud, engineering, business and security teams to schedule patching and remediation activities. Ensure patching causes minimal disruption to business operations
* Communication: Draft and send out clear communications on upcoming patching activities, vulnerability disclosures, and remediation plans. Report regularly to stakeholders on the status of vulnerability management efforts, including producing detailed management reports and metrics to track progress, highlight key issues, and ensure transparency in remediation actions.
* Pre and Post-Patch Verification: Ensure all patches are properly tested before deployment and verify the success of patches post-deployment using relevant tools and methods.
* Vulnerability Assessment and Exploitability Analysis: Assess which vulnerabilities are most critical to the business, prioritising them based on potential exploitability and risk.
* Collaboration: Work with security teams globally, aligning efforts and sharing best practices to maintain a secure and resilient environment.
* Continuous Improvement: Stay updated on the latest vulnerability trends, attack vectors, and cybersecurity threats by following industry news, participating in relevant forums, and maintaining vendor relationships. Recommend and implement tools, automation, and processes to improve the efficiency and accuracy of vulnerability detection, analysis, and remediation
* External Penetration Testing Coordination: Collaborate with external vendors to schedule and coordinate penetration testing activities. Ensure that the scope of the tests aligns with organizational security goals and regulatory requirements. Communicate test results to relevant stakeholders, including producing reports that detail findings, metrics, and recommended remediation actions. Track the resolution of identified vulnerabilities to ensure timely mitigation
* Incident Response Support: Collaborate with the incident response team to investigate and drive remediation of vulnerabilities with stakeholders that are being actively exploited or pose significant risks to the business. Provide vulnerability data, security research and context during security incidents to support containment, remediation, and recovery efforts
* Collaboration with Product Security Team: Work closely with the product security team to ensure vulnerabilities in internally developed applications are effectively tracked and remediated. Regularly produce reports and metrics on the status of application vulnerabilities and remediation progress, ensuring visibility across teams and stakeholders
Your present skillset
* Minimum 5 years of experience in vulnerability management or a similar security role, with at least 2 years in a leadership capacity
* Strong technical knowledge with hands on experience using vulnerability scanning/assessment tools
* Familiarity with both on-premise and cloud environments (AWS, Azure) and hybrid setups.
* Ability to communicate effectively with both technical and non-technical stakeholders.
* Experience in coordinating patch management processes across a large organisation and time zones, ensuring minimal business disruption
* Ability to evaluate vulnerabilities based on risk and exploitability, guiding patching priorities.
* Strong organisational skills to manage patch schedules, stakeholder coordination, and compliance requirements
Desirable:
* Certifications such as CISSP, CISM, or relevant security qualifications
* Experience working in a fast-paced, globally distributed organisation
* Familiarity with regulatory requirements and security standards (e.g., ISO 27001, NIST)