Associate Director, Global Vulnerability Management

Overview

Our cybersecurity and information security teams at IDEXX contribute to a more resilient, adaptable, and security-aware enterprise prepared to navigate today’s evolving threat landscape. We have complex, multi-dimensional programs across the organization that support all the technology needed to deliver products and solutions to customers - enabling them to focus on delivering high quality patient care.

Associate Director of Global Vulnerability Management is a senior cybersecurity leader responsible for establishing, maturing, and overseeing IDEXX’s global vulnerability management strategy, governance, operations, and supporting technologies. This role ensures the proactive identification, prioritization, and remediation of security vulnerabilities across enterprise infrastructure, cloud environments, product ecosystems, manufacturing operations, and laboratory environments.

This is a ground-floor leadership opportunity to build and scale a global vulnerability management program from the ground up. You will lead a distributed team of vulnerability management professionals, security engineers, and analysts while partnering closely with IT Operations, Cloud Infrastructure, Engineering, Dev Sec Ops , and business technology leaders to embed vulnerability management into how IDEXX operates—helping teams understand what to remediate, how to remediate, and how to execute consistently.

As a member of the Security Leadership Team, you will advise the CISO, contribute to enterprise cybersecurity strategy, and drive measurable risk reduction aligned with IDEXX’s cybersecurity maturity goals.

In this role, you will be responsible for…

• Define and execute IDEXX’s global vulnerability management strategy, roadmap, and operating model aligned with NIST CSF, ISO 27001, and CIS Controls
• Advise the CISO on vulnerability posture, enterprise risk trends, and risk-reduction strategy
• Establish vulnerability lifecycle workflows from discovery through remediation validation, including escalation paths, exceptions, and governance
• Develop vulnerability management policies, standards, and remediation SLAs
• Define and track KPIs, KRIs, and program success metrics to measure effectiveness, velocity, and maturity

• Lead, mentor, and grow a global team of vulnerability management professionals, security engineers, and analysts
• Build sustainable organizational capabilities and a culture of continuous improvement and operational excellence
• Manage staffing, performance, career development, and vendor/partner relationships to support program scale and effectiveness

• Lead enterprise-wide vulnerability identification, assessment, prioritization, and remediation across infrastructure, applications, cloud (AWS, Azure, GCP), endpoints, containers, OT/IoT, manufacturing, and laboratory environments
• Establish risk-based prioritization models incorporating exploitability, threat intelligence, asset criticality, and environmental context
• Define scanning strategies and integrate vulnerability data from multiple sources including scanners, CSPM, penetration testing, and threat intelligence
• Integrate vulnerability management with patching, configuration management, and secure SDLC processes

• Own and mature vulnerability management platforms (e.g., Tenable, Qualys, Rapid7, Wiz, Snyk) to ensure accuracy, coverage, and scalability
• Drive automation, cloud-native capabilities, CI/CD integration, and shift-left practices to improve remediation efficiency and developer enablement
• Integrate vulnerability data into orchestration platforms, ticketing systems, and security dashboards

• Partner with IT Operations, Cloud Infrastructure, Engineering, Dev Sec Ops , and business technology leaders to embed remediation into enterprise workflows
• Assess and improve remediation capacity through training, tooling enhancements, and automation
• Incorporate threat intelligence and ensure alignment with governance, regulatory, and compliance requirements
• Develop remediation…