VP Vulnerability Management Team Lead

Overview

On Site
$140,000 - $160,000
Full Time
No Travel Required

Skills

Auditing
Cloud Computing
Emerging Technologies
Finance
Incident Management
Inventory
Communication
Cyber Security
DevOps
DevSecOps
Documentation
FFIEC
KPI
Management
Orchestration
Payroll
Process Improvement
Qualys
Regulatory Compliance
Risk Management
Scripting
Reporting
Security Awareness
Security Controls
Team Leadership
Telecommunications
Testing
Threat Analysis
Training
Vulnerability Management
Vulnerability Scanning
Workflow

Job Details

Direct on client payroll - client does not sponsor visas

Summary
The Head of Vulnerability Management will lead the enterprise-wide vulnerability detection, assessment, and remediation efforts to safeguard the bank's infrastructure, applications, and data. This role will develop and execute a risk-based vulnerability management program that aligns with regulatory requirements and industry best practices. The ideal candidate will work cross-functionally to drive remediation efforts, enhance security posture, and provide executive-level reporting on vulnerabilities and risk exposure. This position requires a strong leader with deep technical expertise and experience in financial sector cybersecurity governance.
Key Responsibilities

  • Vulnerability Program Leadership
    • Develop and manage the enterprise vulnerability management strategy, ensuring alignment with security frameworks and regulatory requirements.
    • Establish policies, procedures, and standards for vulnerability identification, assessment, and remediation.
    • Maintain executive-level reporting on vulnerability trends, risk posture, and remediation effectiveness.
    • Continuously evaluate and enhance program maturity through automation and process improvements.
  • Vulnerability Scanning & Assessment
    • Manage enterprise-wide vulnerability scanning tools and processes to detect security weaknesses.
    • Perform regular scanning and testing across infrastructure, applications, and cloud environments.
    • Analyze scan results to prioritize vulnerabilities based on risk, exploitability, and regulatory impact.
    • Ensure comprehensive coverage of all assets through asset discovery and inventory validation.
  • Remediation & Risk Mitigation
    • Collaborate with IT, DevOps, and application teams to ensure timely remediation of identified vulnerabilities.
    • Develop and track key performance indicators (KPIs) to measure remediation effectiveness.
    • Provide guidance on compensating controls and risk acceptance when remediation is not immediately feasible.
    • Establish escalation processes for high-risk vulnerabilities requiring urgent action.
  • Threat Intelligence & Vulnerability Prioritization
    • Integrate threat intelligence feeds to correlate vulnerabilities with real-world threats and exploits.
    • Align vulnerability management efforts with emerging threats, zero-day vulnerabilities, and adversarial tactics.
    • Leverage frameworks such as MITRE ATT&CK to enhance risk-based prioritization.
    • Coordinate with incident response teams to analyze vulnerabilities exploited in security incidents.
  • Compliance & Regulatory Alignment
    • Ensure adherence to financial industry regulations, including FFIEC and NYDFS.
    • Support internal and external audits by providing evidence of vulnerability management controls.
    • Maintain documentation of vulnerability management activities for compliance reporting.
    • Align remediation efforts with compliance deadlines and security control objectives.
  • Tooling & Automation
    • Manage and optimize vulnerability scanning tools such as Qualys, Tenable, or Rapid7.
    • Automate vulnerability detection and remediation workflows through scripting and integration with security orchestration tools.
    • Evaluate emerging technologies to enhance vulnerability management capabilities.
    • Work with IT teams to embed security into DevSecOps pipelines.
  • Stakeholder Communication & Training
    • Act as the primary point of contact for vulnerability management across business and IT units.
    • Deliver executive briefings on risk posture and remediation progress.
    • Conduct training sessions for developers, IT teams, and security personnel on secure coding and vulnerability remediation best practices.
    • Foster a culture of security awareness by promoting proactive risk management.