Information Technology Governance Manager

Position: Cyber Threat and Exposure Management (TEM) – Oversight & Governance

Type: 3-Month Contract-to-Hire

Compensation: Up to $121/hour (W2)

Our client, a leading organization in the financial services domain, is seeking a senior-level Cyber Threat and Exposure Management professional to lead and mature its vulnerability and patch management governance program. This role will be responsible for designing, operating, and continuously improving enterprise-wide governance frameworks that ensure vulnerabilities are identified, prioritized, remediated, and managed in alignment with business and regulatory expectations.

The ideal candidate will serve as the central governance authority, partnering closely with security operations, risk, audit, and compliance teams to drive disciplined, risk-based remediation practices while supporting business agility.

• Own and manage the end-to-end governance framework for Vulnerability and Patch Management, including routines, escalation paths, and decision forums.
• Lead vulnerability remediation deferrals and ensure alignment with enterprise security priorities.
• Design, document, and maintain governance processes, standards, SOPs, and control execution procedures.
• Lead control lifecycle management activities, including control design, validation, issue identification, and remediation tracking.
• Provide risk-based oversight of vulnerability identification, prioritization, remediation timelines, and exception handling.
• Own issue management workflows, including root cause analysis, action plan approval, tracking, and formal closure.
• Facilitate recurring governance forums (weekly, monthly, and ad-hoc) to support clear decision-making, documentation, and follow-through.
• Define, monitor, and report KPIs and KRIs related to vulnerability posture, control health, and remediation performance.
• Partner with Infrastructure, Application Security, Red Team, and other security teams to align governance expectations with operational realities.
• Serve as the primary interface for audit, risk, and compliance stakeholders on vulnerability governance matters.
• Drive continuous improvement by identifying systemic gaps, emerging threats, and governance maturity opportunities.
• Integrate threat intelligence, exploit availability, and external advisories into vulnerability prioritization models.
• Extend governance oversight to third-party providers and cloud-hosted services.
• Drive vulnerability and patching requirements into third-party risk management and contractual assessments.
• Lead complex, high-visibility initiatives involving moderate to high risk and complexity.

• 10+ years of experience in cybersecurity, vulnerability management, technology risk, or security governance.
• Demonstrated experience designing and operating governance routines, escalation models, and decision frameworks.
• Strong understanding of vulnerability management tools, patching methodologies, and remediation constraints across:
• Infrastructure
• Cloud environments
• Applications
• Experience working with control frameworks and structured issue management processes.
• Proven ability to communicate technical risk effectively to executive, regulatory, and risk stakeholders.
• Strong facilitation, influence, and negotiation skills across technical and business teams.
• Track record of enforcing disciplined governance while enabling operational flexibility.
• Hands-on experience with GRC, ITSM, and related systems of record.
• Excellent written communication skills for developing standards, procedures, and governance documentation.
• Strong analytical capabilities with experience defining and interpreting security metrics and trends.
• Experience operating in regulated environments (financial services preferred).
• Previous experience leading complex, enterprise-scale IT or security initiatives.