Senior Manager - Information Security; Exposure Management

Position Summary

The Senior Manager, Exposure Management leads a team of remediation engineers responsible for reducing enterprise security risk across the organization’s technology environment. This role drives the end-to-end remediation program, ensuring timely mitigation of vulnerabilities while balancing operational stability, business priorities, and risk tolerance. The Senior Manager partners across security, infrastructure, and application teams to implement scalable, risk-based remediation strategies and improve overall exposure management effectiveness.

• Lead enterprise-wide vulnerability remediation efforts and execute risk-based strategies using CVSS, exploitability, asset criticality, and business impact
• Drive cross-functional collaboration with security, engineering, cloud, and infrastructure teams to ensure effective and timely remediation outcomes
• Oversee remediation lifecycle management, ensuring vulnerabilities are prioritized, tracked, and resolved within defined SLAs
• Establish and enforce prioritization models, including exception handling, risk acceptance, and escalation of high‑risk issues
• Deliver executive reporting on exposure trends, remediation performance, and overall risk posture
• Improve remediation processes, tooling, and automation to enhance efficiency and reduce false positives
• Ensure alignment with regulatory and compliance frameworks and support audits, risk assessments, and governance activities

• 7+ years of experience in cybersecurity, with at least 3+ years focused on vulnerability or exposure management
• 3+ years of people leadership experience, including managing technical teams and driving outcomes
• Hands‑on experience with vulnerability management platforms such as Qualys, Tenable, Rapid7, Wiz
• Strong understanding of operating systems (Windows, Linux, macOS), networking concepts, and enterprise infrastructure
• Proven ability to apply risk‑based decisioning in vulnerability prioritization and remediation

• Relevant industry certifications such as CISSP, GIAC, CEH, Qualys VMDR, combined with strong analytical, problem‑solving, and troubleshooting skills
• Experience with patching, configuration management, and remediation tools (e.g., SCCM, Ansible, Puppet) in large‑scale environments
• Knowledge of secure coding practices and common vulnerabilities such as OWASP Top 10, SANS Top 25
• Hands‑on experience with scripting and automation (e.g., Python, Power Shell, Bash) to improve remediation efficiency
• Proven ability to manage enterprise‑scale remediation programs in cloud or hybrid environments and clearly communicate technical risk to both executive and non‑technical stakeholders

• Bachelor’s degree or equivalent experience (high‑school diploma + 4 years relevant experience)

The typical pay range for this role is: $ - $. This range represents the base hourly rate or base annual full‑time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short‑term incentive program in addition to the base pay range listed above.

The position also includes an award target in the company’s equity award program.

This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. Benefits include medical, dental, vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.