What are the responsibilities and job description for the Head of Vulnerability Management Team position at Employvision Inc.?
Summary
The Head of Vulnerability Management will lead the enterprise-wide vulnerability detection, assessment, and remediation efforts to safeguard the bank’s infrastructure, applications, and data. This role will develop and execute a risk-based vulnerability management program that aligns with regulatory requirements and industry best practices. The ideal candidate will work cross-functionally to drive remediation efforts, enhance security posture, and provide executive-level reporting on vulnerabilities and risk exposure. This position requires a strong leader with deep technical expertise and experience in financial sector cybersecurity governance.
Qualifications/Education Required:
- Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.
Experience Required: Minimum 10 years of experience in information security or related field.
Competencies Required:
- Incident Management: Ability to analyze, prioritize, and manage security incidents effectively.
- Strategic Thinking: Ability to align cyber risk initiatives with business objectives.
- Communication and Documentation: Ability to ensure thorough documentation and clear communication of security operations activities.
- Leadership and Team Management: Proven track record of building and leading high-performing teams.
- Regulatory Compliance: Expertise in navigating banking regulations.
Skills & Knowledge Requirements:
- Technical Knowledge: Strong knowledge of information security technologies such as vulnerability scanning tools and threat intelligence tools.
- Investigations: Strong experience leading security investigations.
- Cybersecurity Frameworks: Deep understanding of frameworks such as the NIST Cybersecurity Framework.
- Policy and Procedure Development: Proficiency in drafting and enforcing policies, procedures, and playbooks.
Key Responsibilities
Vulnerability Program Leadership
- Develop and manage the enterprise vulnerability management strategy, ensuring alignment with security frameworks and regulatory requirements.
- Establish policies, procedures, and standards for vulnerability identification, assessment, and remediation.
- Maintain executive-level reporting on vulnerability trends, risk posture, and remediation effectiveness.
- Continuously evaluate and enhance program maturity through automation and process improvements.
Vulnerability Scanning & Assessment
- Manage enterprise-wide vulnerability scanning tools and processes to detect security weaknesses.
- Perform regular scanning and testing across infrastructure, applications, and cloud environments.
- Analyze scan results to prioritize vulnerabilities based on risk, exploitability, and regulatory impact.
- Ensure comprehensive coverage of all assets through asset discovery and inventory validation.
Remediation & Risk Mitigation
- Collaborate with IT, DevOps, and application teams to ensure timely remediation of identified vulnerabilities.
- Develop and track key performance indicators (KPIs) to measure remediation effectiveness.
- Provide guidance on compensating controls and risk acceptance when remediation is not immediately feasible.
- Establish escalation processes for high-risk vulnerabilities requiring urgent action.
Threat Intelligence & Vulnerability Prioritization
- Integrate threat intelligence feeds to correlate vulnerabilities with real-world threats and exploits.
- Align vulnerability management efforts with emerging threats, zero-day vulnerabilities, and adversarial tactics.
- Leverage frameworks such as MITRE ATT&CK to enhance risk-based prioritization.
- Coordinate with incident response teams to analyze vulnerabilities exploited in security incidents.
Compliance & Regulatory Alignment
- Ensure adherence to financial industry regulations, including FFIEC and NYDFS.
- Support internal and external audits by providing evidence of vulnerability management controls.
- Maintain documentation of vulnerability management activities for compliance reporting.
- Align remediation efforts with compliance deadlines and security control objectives.
Tooling & Automation
- Manage and optimize vulnerability scanning tools such as Qualys, Tenable, or Rapid7.
- Automate vulnerability detection and remediation workflows through scripting and integration with security orchestration tools.
- Evaluate emerging technologies to enhance vulnerability management capabilities.
- Work with IT teams to embed security into DevSecOps pipelines.
Stakeholder Communication & Training
- Act as the primary point of contact for vulnerability management across business and IT units.
- Deliver executive briefings on risk posture and remediation progress.
- Conduct training sessions for developers, IT teams, and security personnel on secure coding and vulnerability remediation best practices.
- Foster a culture of security awareness by promoting proactive risk management.
Core Competencies
Experience & Expertise
- 7 years of experience in cybersecurity, with at least 3 years in vulnerability management or related roles.
- Strong knowledge of vulnerability assessment methodologies, risk frameworks (NIST, CIS, ISO 27001), and regulatory compliance in banking.
- Hands-on experience with vulnerability scanning tools such as Qualys, Tenable, Rapid7, or similar.
- Familiarity with penetration testing, threat intelligence, and exploit development concepts.
- Experience working in highly regulated environments with strict security and compliance requirements.
Technical Skills
- Proficiency in security automation using scripting languages (Python, PowerShell, Bash).
- Strong understanding of network security, cloud security (AWS, Azure, GCP), and secure application development practices.
- Knowledge of patch management processes and security hardening guidelines.
- Ability to analyze vulnerabilities, assess risk, and communicate technical findings to business leaders.
Soft Skills & Leadership
- Strong leadership and project management skills, with experience leading vulnerability remediation efforts.
- Excellent communication and stakeholder management skills, with the ability to influence technical and non-technical teams.
- Analytical mindset with a proactive approach to problem-solving and risk mitigation.
- Ability to thrive in a fast-paced, high-stakes environment with competing priorities.