Associate Director Info Security

The Threat & Vulnerability Team Manager will be leading critical support for the Information Security’s vulnerability management program (VM) for both the on-prem & cloud environments managed by One Main Financial (OMF). They will help create a robust proactive approach for preventing unauthorized access, changes, or exploitation of vulnerabilities through mitigation, active defenses, and automated responses. The VM team’s portfolio of activities includes providing vulnerability detection and remediation oversight, vulnerability research, secure baseline compliance, web application security, host-based security, network security, and acting as security subject matter experts for all the organization.

Extensive knowledge and hands-on experience with a variety of Vulnerability Management Tools such as Tenable, DB Protect, Netsparker, Qualys, etc.

Proven track record of designing, implementing, and managing a successful Threat & Vulnerability Management Program

Strong knowledge of networking, operating systems, databases, and web applications

Strong knowledge of cybersecurity operations (Cyber Threat Intelligence, Penetration testing, & Incident Response)

Deep knowledge and experience of performing both manual and automated asset discovery and enumeration

Deep knowledge and experience of systematic and data-driven asset prioritization

Track record of leading enterprise-level vulnerability management teams with a history of increasing responsibility

Ability to explain vulnerability management concepts to a wide range of audiences verbally and in writing

Expertise in developing and improving vulnerability management operations and processes

Strong interpersonal skills and the ability to collaborate with a variety of stakeholders to ensure vulnerability management compliance

Proactive disposition and ability to execute on leadership vision with minimal oversight

Perform Project/Team Management activities, including assigning tasks, 1-1 coaching, upskilling junior team members, performance evaluations, etc.

Lead the redesign, build and day-to-day operations of the vulnerability management (VM) team to include standardization of processes and managing customer expectations.

Effectively manage a team of vulnerability management professionals who are focused on proactively preventing the exploitation of IT vulnerabilities that exist across the OMF environments.

Successfully assign and complete VM projects, tasks, and r initiatives on time and to vulnerability management standards.

Track all team projects, tasks, and/or initiatives in a centralized location (e.g., Microsoft Lists, Jira, etc.) and provide a reportable schedule.

Drive actionable metrics which help ensure the team reduce the time and resources needed to detect, investigate, analyze and remediate vulnerabilities.

Manage performance of risk‐based assessments of current and emerging information security issues to support the mission by prioritizing remediation efforts.

Proactively delegate support of regular vulnerability, compliance/configuration, database, and web application scanning.

Apply effective problem solving and critical thinking skills to evaluate applicable solutions, conduct pilot/evaluations for proof of concepts and ultimately implement better mitigating controls.

Research current and emerging information security exploits, threats, and vulnerabilities and disseminate contextual information to appropriate stakeholders.

Facilitate exception handling, waiver processing and escalations as needed.

Maintain regular communication with security leaderships on process optimization, tools tuning and resetting of VM priorities as business needs prudently recommend.

Bachelor's degree and 8+ years of related work experience; or a graduate degree and approximately 7-8 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major

A…