Vulnerability Project Manager

Vulnerability Project Manager:

Scope of Work:

1. f) Duties and responsibilities of the OT (Operational Technology) Vulnerability Project Manager include but are not limited to the following:
2. i) Design, integrate, and manage programs to identify and remediate vulnerabilities in OT systems.
3. ii) Define and publish strategic plans for OT vulnerability management, aligning with organizational objectives and regulatory requirements.

iii) Determine the criticality of each OT asset to prioritize vulnerability management efforts.

1. iv) Evaluate potential cybersecurity threats and vulnerabilities to prioritize remediation efforts.
2. v) Classify and prioritize vulnerabilities based on risk and potential impact on the organization.
3. vi) Ensure swift remediation of identified vulnerabilities, which may involve installing security patches, modifying configurations, or implementing other mitigation controls.

vii) Regularly monitor and report on compliance with related policies and standards, proposing changes as necessary to ensure operating efficiency and regulatory compliance.

viii) Collaborate with internal teams and stakeholders, including OT engineers, IT security professionals, and business leaders, to ensure a comprehensive approach to OT vulnerability management.

1. ix) Offer consultation and analytical support for vulnerabilities to internal teams and prepare and present reports documenting vulnerability trends and areas for improvement.
2. x) Ensure that resources are appropriately trained, tasked, and delivering against milestones, and manage the financial and administrative responsibilities of the unit.
3. xi) Regularly review and update the OT vulnerability management program to stay ahead of new threats and vulnerabilities, leveraging automated tools and best practices.

Required Background:

1. Bachelor s degree from an accredited college or university in Computer Science, Information Systems, Data Science, or related field.
2. Formal training or certifications, as referenced in the second paragraph in the Scope of Work, in relevant cybersecurity domains with a focus on project management and risk concepts, ideally with applied experience in a government entity.

1. Minimum of seven (7) years of progressively responsible experience with focus on Operational Technology management and Cybersecurity field.
2. Ability to manage a team of specialists in threat intelligence, penetration testing, and governance, risk management, and compliance.
3. Capability to develop and implement strategic plans for OT vulnerability management.
4. Experience with industry standards such as NIST 800, ISO 27001, and SANS Critical Security Controls.
5. Experience with audit processes and performing risk-based audits.
6. Deep project and program management skills, including experience in managing projects from idea to completion.
7. Deep understanding of OT systems, including industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems
8. Expertise in using vulnerability management tools such as Qualys.
9. Experience with cloud security, including Google Cloud Platform, Amazon Web Services, and Microsoft Azure Services.
10. Excellent communication skills to translate complex technical information across all levels of the organization.