Vulnerability and Exposure Management Program Manager

Job in Gresham, Multnomah County, Oregon, 97080, USA
Listing for: U.S. Bank
Full Time position
Listed on 2026-05-31
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, IT Project Manager
Salary/Wage Range or Industry Benchmark: 170255 - 200300 USD Yearly
Job Description & How to Apply Below

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career.

Try new things, learn new skills and discover what you excel at—all from Day One.

Job Description

Location Expectation

This role requires working from a U.S. Bank location three (3) or more days per week.

Role Overview

The Vulnerability and Exposure Management Program Manager is accountable for the enterprise vulnerability management strategy and operating model—expanding beyond traditional vulnerability management to build and lead a largely newly established continuous exposure management capability.

This is a strategic, enterprise-scale leadership role responsible for transforming an evolving program, addressing effectiveness gaps, and improving stakeholder confidence while reducing risk and enabling business and technology development.

The role partners across technology and business leadership to embed vulnerability and exposure reduction practices across cloud, data, digital, and AI initiatives. It includes ownership of internal and external exposure management capabilities, including attack surface visibility, attack path mitigation, and risk-based prioritization to reduce real-world exploitability.

The leader will operate within a highly regulated environment and must demonstrate strong executive presence and negotiation skills, with the ability to influence senior stakeholders and lead through a multi-layer organization at enterprise scale.

Key Responsibilities
  • Define and execute the enterprise vulnerability and exposure management strategy and multi-year roadmap, including transforming program effectiveness and stakeholder outcomes.
  • Build, scale, and lead a largely new exposure management capability, expanding beyond current-state maturity into a comprehensive, enterprise-wide program.
  • Establish and operate a scalable model across infrastructure, applications, cloud, containers, third-party technology, and external attack surface, including governance, decision rights, and escalation paths.
  • Drive risk-based prioritization and remediation by integrating severity, exploitability, threat intelligence, asset criticality, and business context; lead zero-day response and decision-making.
  • Set and enforce remediation SLAs aligned to a faster, AI-influenced threat environment, with strong governance for exceptions and compensating controls.
  • Partner across CIO/CTO organizations, security, engineering, and business lines to embed vulnerability reduction into delivery practices (e.g., CI/CD), platform guardrails, and operational processes.
  • Modernize tooling, processes, and automation (including AI) to improve speed, accuracy, and efficiency of detection and remediation.
  • Deliver executive reporting and insights (KPIs/KRIs), translating technical risk into clear business impact, trends, and actions.
  • Leverage large-scale data analysis (millions of vulnerabilities) to identify themes, root causes, and opportunities for targeted risk reduction.
  • Ensure regulatory and audit readiness through strong documentation, controls, and issue management practices.
  • Lead and develop a multi-layer organization (25–35+ employees), including 5–8 direct reports who are people leaders, focusing on strategy and outcomes rather than hands-on technical execution.
  • Manage budget, vendors, and strategic partnerships, including evaluation and implementation of capabilities to improve coverage and remediation effectiveness.
  • Establish and enhance External Attack Surface Management (EASM) and enterprise asset intelligence, identifying unmanaged or unknown assets and bringing them into governance.
  • Incorporate adversary-informed perspectives into prioritization, aligning efforts with real-world threat behavior and attack paths.
  • Evolve the program toward a continuous, global operating model to…