Manager, Vulnerability Management
Listed on 2026-04-21
IT/Tech
Cybersecurity
Job Summary
The Vulnerability Management Manager is responsible for identifying, assessing, prioritizing, and driving remediation of security vulnerabilities across the organization’s infrastructure, applications, and endpoints. This role partners closely with IT operations, engineering, architecture, and security teams to ensure timely patching, risk reduction, risk remediation, and compliance with security standards and regulatory requirements. The role requires an individual with strong communication and organizational skills, and the technical capability to understand, interpret, and prioritize vulnerability findings.
Responsibilities
- Leads and manages the Vulnerability Management program
- Oversees strategic development of the team, including general administrative tasks such as employee work schedules, delegating responsibilities, and ensuring the team is meeting goals as defined by the Product and Technology organization
- Develop and oversee a patch management program
- Communicates key findings, roadblocks, major risks, etc. to the Vulnerability Management Steering Committee and corporate leadership in a timely manner, as required
- Fulfils all compliance and audit responsibilities, as related to the position
- Develops and drives program strategy, roadmap, and objectives, in alignment with organizational policies and goals
- Establishes workstream and communication channels between relevant teams such as Threat Intelligence and Security Operations Center
- Evaluates and adjusts the current program framework, on an annual basis, to ensure the security controls enforced are in alignment with industry and organization best practices
- Administration of vulnerability management reporting and tracking tools, including maintaining integrations with on-prem, cloud, and code vulnerability management platforms
- Participate in additional projects and tasks, at the direction of Security Leadership
Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience
- Minimum 8 years of experience in vulnerability management, patch management, or security operations
- At least one security certification such as Security+, CISSP, CEH, GSEC, or equivalent
- Strong understanding of operating systems (Windows, Linux), networking, and enterprise infrastructure
- Experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, CrowdStrike Exposure Management)
- Familiarity with patch management tools and platforms (e.g., SCCM, Intune, WSUS, JAMF, Ansible)
- Knowledge of CVE, CVSS, NIST, CIS benchmarks, and common threat vectors
- Ability to clearly communicate technical risk to non-technical stakeholders, by assessing and focusing on business impact
- Experience supporting compliance frameworks (ISO 27001, SOC 2, PCI DSS)
- Experience with cloud platforms and cloud-native vulnerability tools, as well as code platforms
We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, national origin, religion, age, disability, sex, sexual orientation, gender identity or protected veteran status, or any other basis protected by applicable federal, state, or local law. The Company provides reasonable accommodations upon request in accordance with applicable requirements.
Pay
Pay is competitive and based on a number of job-related factors, including skills and experience. The starting pay rate/range at time of hire for this position in New York is $ - $ / year. For other locations, please inquire with your recruiter. The rates/ranges provided herein are the anticipated pay at the time of hire, and do not reflect future job opportunity.