Vulnerability Management Team Lead – Vice President

Summary
The Head of Vulnerability Management will lead the enterprise-wide vulnerability detection, assessment, and remediation efforts to safeguard the bank’s infrastructure, applications, and data. This role will develop and execute a risk-based vulnerability management program that aligns with regulatory requirements and industry best practices. The ideal candidate will work cross-functionally to drive remediation efforts, enhance security posture, and provide executive-level reporting on vulnerabilities and risk exposure. This position requires a strong leader with deep technical expertise and experience in financial sector cybersecurity governance.

Key Responsibilities
Vulnerability Program Leadership
o Develop and manage the enterprise vulnerability management strategy, ensuring alignment with security frameworks and regulatory requirements.
o Establish policies, procedures, and standards for vulnerability identification, assessment, and remediation.
o Maintain executive-level reporting on vulnerability trends, risk posture, and remediation effectiveness.
o Continuously evaluate and enhance program maturity through automation and process improvements.
Vulnerability Scanning & Assessment
o Manage enterprise-wide vulnerability scanning tools and processes to detect security weaknesses.
o Perform regular scanning and testing across infrastructure, applications, and cloud environments.
o Analyze scan results to prioritize vulnerabilities based on risk, exploitability, and regulatory impact.
o Ensure comprehensive coverage of all assets through asset discovery and inventory validation.
Remediation & Risk Mitigation
o Collaborate with IT, DevOps, and application teams to ensure timely remediation of identified vulnerabilities.
o Develop and track key performance indicators (KPIs) to measure remediation effectiveness.
o Provide guidance on compensating controls and risk acceptance when remediation is not immediately feasible.
o Establish escalation processes for high-risk vulnerabilities requiring urgent action.
Threat Intelligence & Vulnerability Prioritization
o Integrate threat intelligence feeds to correlate vulnerabilities with real-world threats and exploits.
o Align vulnerability management efforts with emerging threats, zero-day vulnerabilities, and adversarial tactics.
o Leverage frameworks such as MITRE ATT&CK to enhance risk-based prioritization.
o Coordinate with incident response teams to analyze vulnerabilities exploited in security incidents.
Compliance & Regulatory Alignment
o Ensure adherence to financial industry regulations, including FFIEC, and NYDFS.
o Support internal and external audits by providing evidence of vulnerability management controls.
o Maintain documentation of vulnerability management activities for compliance reporting.
o Align remediation efforts with compliance deadlines and security control objectives.

o Manage and optimize vulnerability scanning tools such as Qualys, Tenable, or Rapid7.

o Automate vulnerability detection and remediation workflows through scripting and integration with security orchestration tools.

o Evaluate emerging technologies to enhance vulnerability management capabilities.

o Work with IT teams to embed security into DevSecOps pipelines.

o Act as the primary point of contact for vulnerability management across business and IT units.

o Deliver executive briefings on risk posture and remediation progress.

o Conduct training sessions for developers, IT teams, and security personnel on secure coding and vulnerability remediation best practices.

Foster a culture of security awareness by promoting proactive risk management.

#LI-DNI

Salary Range: $150k - $180k

Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.

Advanced degree (MBA, MS) is strongly preferred.

Relevant industry certifications (CISSP, CISM, GIAC) are strongly preferred.

Minimum 10 years of experience in information security or related field.

At least 3 years of experience in a senior leadership role within the banking or financial services industry.

Core Competencies

Experience & Expertise

o 7 years of experience in cybersecurity, with at least 3 years in vulnerability management or related roles.

o Strong knowledge of vulnerability assessment methodologies, risk frameworks (NIST, CIS, ISO 27001), and regulatory compliance in banking.

o Hands-on experience with vulnerability scanning tools such as Qualys, Tenable, Rapid7, or similar.

o Familiarity with penetration testing, threat intelligence, and exploit development concepts.

o Experience working in highly regulated environments with strict security and compliance requirements.

Technical Skills

o Proficiency in security automation using scripting languages (Python, PowerShell, Bash).

o Strong understanding of network security, cloud security (AWS, Azure, GCP), and secure application development practices.

o Knowledge of patch management processes and security hardening guidelines.

o Ability to analyze vulnerabilities, assess risk, and communicate technical findings to business leaders.

Soft Skills & Leadership

Strong leadership and project management skills, with experience leading vulnerability remediation efforts.
Excellent communication and stakeholder management skills, with the ability to influence technical and non-technical teams.
Analytical mindset with a proactive approach to problem-solving and risk mitigation.
Ability to thrive in a fast-paced, high-stakes environment with competing priorities.

Incident Management: Ability to analyze, prioritize, and manage security incidents effectively.

Strategic Thinking: Ability to align cyber risk initiatives with business objectives

Communication and Documentation: Strong ensure thorough documentation and clear communications over security operations activities.

Leadership and Team Management: Proven track record of building and leading high performing teams

Regulatory Compliance: Expertise in navigating banking regulations

Technical Knowledge: Strong knowledge with information security technologies such as vulnerability scanning tools, and threat intelligence tools, etc.

Investigations: Strong knowledge with leading security investigations.

Cybersecurity Frameworks: Deep understanding of frameworks such as NIST Cybersecurity Framework

Policy and Procedure Development: Proficiency in drafting and enforcing policies, procedures, and playbooks.

Industry Thought Leadership: Recognized as a subject matter expert in the cybersecurity or risk management space