
Senior Director Vulnerability Management

Job in Coppell, Dallas County, Texas, 75019, USA
Listing for: NewRez LLC
Full Time position
Listed on 2025-12-22
Job specializations:
  • IT/Tech
    Cybersecurity, IT Support
Salary/Wage Range or Industry Benchmark: 130000 - 160000 USD Yearly
Job Description & How to Apply Below
Exceed the expectations of our residential mortgage borrowers & business partners through superior service, simple processes, and effective communications.

We deliver on this mission by empowering our employees by encouraging and recognizing superior performance and innovative solutions, by promoting teamwork and divisional cooperation.
**POSITION SUMMARY**

The Sr Director Vulnerability Management (VM) owns the enterprise VM program across endpoints, servers, network devices, cloud platforms, containers, and applications. This role sets strategy and governance; drives risk-based prioritization; enforces remediation SLAs and exception handling; leads tool adoption and integration; and produces executive-ready metrics for internal governance and external obligations. Success requires deep collaboration with Infrastructure, End-User Computing, Network, Cloud/SRE, Application Engineering, Security Operations, and GRC, as well as selected service providers.

The program operates under the Company’s Patch & Vulnerability Management Standard and supports regulatory, audit, and customer requirements.
**DESCRIPTION**

**Duties and Responsibilities**

* **Program Strategy & Governance**
  + Define and continuously mature a risk-driven VM strategy, roadmap, and RACI.
  + Establish policy-aligned remediation SLAs, exception criteria, escalation paths, and evidence requirements.
  + Ensure customer/contract obligations related to scanning cadence and patch timelines are operationalized where applicable.
* **Operations, Coverage & Tooling**
  + Lead enterprise scanning and assessment coverage across on-prem, cloud, containers, and applications using core platforms (e.g., Qualys VMDR/Total App Sec, Veracode, Microsoft Defender for Endpoint).
  + Expand and maintain authenticated/agent-based coverage; manage discovery for shadow/EOL assets.
  + Oversee web app/API scanning in partnership with App Sec; ensure rescans validate remediation.
  + Lead enterprise hardening efforts across systems, software, networks, cloud applications, and cloud environments.
* **Integration & Automation**
  + Drive CMDB and ITSM integrations to automate ownership mapping, ticket creation, routing, and SLA tracking.
  + Improve data quality (asset/owner criticality) to enable risk-based prioritization and reporting.
* **Remediation Enablement & Outcomes**
  + Partner with Infra, Desktop, Cloud, and App Owners to remove blockers (e.g., maintenance windows, change control constraints, EOL/EOS platforms).
  + Track and resolve exceptions with compensating controls; publish actionable playbooks/runbooks.
* **Zero-Day / Major Event Response**
  + Orchestrate assessment, prioritization, patch/mitigation guidance, rescans, stakeholder communications, and executive updates for critical vulnerabilities.
* **Metrics, Reporting & Audit Readiness**
  + Produce executive-ready dashboards (coverage, SLA attainment, risk burn-down, exception inventory, business impact).
  + Maintain audit artifacts and evidence for internal/external assessments; support GLBA and customer reviews.
- Ability to effectively and accurately convey information to others.
- Performs related duties as assigned by management.
**Qualifications and Education Requirements**

* Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent experience.
* 10+ years in Information Security with 5+ years leading Vulnerability Management for a multi-platform enterprise (hybrid cloud). Demonstrated results improving enterprise VM metrics and SLA performance.
* Technical: Depth with Qualys (VMDR, WAS/Total App Sec), Veracode, Microsoft Defender for Endpoint; familiarity with network device scanning, container registries, and cloud workload coverage.
* Frameworks/Regulatory: Working knowledge of NIST CSF/ISO 27001; audit evidence management (e.g., GLBA); experience satisfying customer security requirements.
* Preferred Certifications: CISSP, CISM, CCSP, or comparable.

**Skills, Abilities, and Knowledge**

* Leadership & Influence: Leads cross-functional remediation at enterprise scale; strong executive presence and communication.
* Risk-Based Decisioning: Transla…

Position Requirements
10+ Years work experience