×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Security Manager Data Security

AVP, Threat and Vulnerability Management

Job in Wellesley, Norfolk County, Massachusetts, 02482, USA
Listing for: Sun Life
Full Time position
Listed on 2026-02-05
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Security Manager, Data Security
Job Description & How to Apply Below

Overview

You are as unique as your background, experience and point of view. Here, you'll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do.

Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description

Overview

As the AVP, Global Threat & Vulnerability Management (TVM) within Digital Security Threat Management (DSTM) under Security, Risk & Crisis Management (SRC), you will lead Sun Life's global capability for identifying, assessing, prioritizing, and mitigating cyber vulnerabilities and threats across the enterprise. You will oversee multiple subdisciplines-vulnerability management, red teaming, threat intelligence, defensive security (blue team), application security platform & testing, and incident management & process development-ensuring Sun Life maintains a resilient and compliant security posture.

This role partners closely with Security Engineering & Advisory, Technology Risk & Compliance, Security Governance & Client Programs, Security Initiatives & Awareness, and Security Operations to drive measurable improvements in cyber resilience and reduce enterprise attack surface.

Key Responsibilities

  • Enterprise Vulnerability Management Leadership

    You are the Responsible Person/Contact for the enterprise Vulnerability Management Directive, overseeing the entire vulnerability lifecycle across Sun Life: identification, prioritization, reporting, remediation governance, and compliance monitoring.

    Your VM program encompasses:

    • Internal and external vulnerability scanning
    • Database scanning
    • Security Scorecard monitoring
    • Threatinteldriven vulnerability monitoring
    • Classification of vulnerabilities and zeroday response
    • Audit, Client and Regulatory responses.
    • Management of platforms related to Vulnerability Management.
    • Produce Senior Leadership and Executive Reporting for all areas of Vulnerability Management.

  • Cyber Threat Intelligence & Hunting

    You oversee the Cyber Threat Intelligence (CTI) and Cyber Threat Hunting (CTH) function responsible for:

    • Lead the collection, analysis, and operationalization of internal and external threat intelligence.
    • Monitoring global threats affecting Sun Life brands, staff, infrastructure, and clients
    • Identifying indicators of compromise, campaign activity, and attacker behaviors
    • Producing actionable threat briefings for Security teams, Technology Risk, and senior leadership.
    • Maintain relationships with intelligence sharing communities, industry groups, and government partners.
    • Ensure threat intelligence directly informs detection engineering, vulnerability prioritization, and offensive testing.
    • Perform continuous Threat Hunting activities based on Cyber Threat Intelligence and internal Red/Blue team information.
    • Develop and refine use cases based on threat intelligence and work with Security Operations and Engineering teams to implement for alerting to Defensive Security teams.

  • Red Team / Offensive Security Oversight

    You lead the Offensive Security (Red Team) program, which conducts:

    • Application, network, social engineering, and physical penetration tests
    • Adversary emulation engagements
    • Intelligence Led Penetration Testing
    • Executes Security Control validation testing to ensure coverage and identify gaps across security controls.
    • Ensure offensive testing aligns with threat intelligence and focuses on highrisk assets and emerging attack vectors.
    • Partner with technology teams to validate remediation effectiveness.
    • Translate offensive findings into prioritized remediation actions and longterm security improvements.

  • Blue Team / Defensive Security Oversight

    You lead the Defensive Security (Blue Team) program, which:

    • Responds to detections from security controls
    • Ensure defensive capabilities evolve based on threat intelligence and offensive testing results.
    • Partner with Offensive Security, Cyber Threat Intelligence and Security Operations to enhance detection coverage, reduce dwell time, and improve alert fidelity.

  • Security Incident & Process Management

    You lead the Security Incident team which:

    • Responds to security incidents and takes appropriate actions
    • Govern the maturity of incident response processes, playbooks, and readiness exercises.
    • Ensure consistent, high quality incident handling with clear communication and postincident reviews.

  • Application Security Platforms

    • Oversee application security scanning capabilities including static, dynamic, software composition and mobile analysis.
    • Partner with Dev Ops teams to ensure application security capabilities are integrated into Dev Ops pipelines.
    • Identify systemic application security weaknesses and drive longterm remediation strategies.
    • Provide secure development guidance and support…
    • To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
    (If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
     
     
     
    Search for further Jobs Here:
    (Try combinations for better Results! Or enter less keywords for broader Results)
    Location
    Increase/decrease your Search Radius (miles)

    Job Posting Language
    Employment Category
    Education (minimum level)
    Filters
    Education Level
    Experience Level (years)
    Posted in last:
    Salary
    Advanced Search