What are the responsibilities and job description for the Vulnerability Manager position at The New IEM, Llc?
IEM is the largest independent full-line manufacturer of electrical distribution and control systems in North America. The Company has developed one of the most sophisticated electrical product manufacturing systems in the world and has cultivated partnerships with leading component suppliers resulting in optimal solutions to customer problems. IEM has offices in California, Florida, Canada and Belgium.
Job Description:
The Vulnerability Manager is responsible for overseeing the organization's vulnerability management program across Information Technology (IT) and Operational Technology (OT) systems, third-party applications, and systems that use AI and machine learning technologies. This includes identifying, assessing, prioritizing, and remediating security vulnerabilities to minimize risk across the enterprise. The Vulnerability Manager works closely with the security, IT, OT, and AI/ML teams to ensure vulnerabilities are addressed in a timely manner.
Key Responsibilities:
Vulnerability Management Strategy and Policies:
- Develop, implement, and maintain the vulnerability management strategy and policies for IT, OT, and AI/ML-based systems
- Ensure the vulnerability management program aligns with the organization's overall security objectives and risk management framework
Vulnerability Assessments and Scanning:
- Conduct regular vulnerability assessments and penetration testing to identify security weaknesses, including those related to AI systems and third-party applications
- Oversee the vulnerability scanning and assessment process across all IT, OT, and AI/ML-enabled systems and applications
- Analyze vulnerability scan results and prioritize remediation efforts based on risk, considering the unique requirements and potential vulnerabilities of AI/ML systems
Vulnerability Remediation and Validation:
- Coordinate with IT, OT, AI/ML, and development teams to ensure vulnerabilities are patched or mitigated accordingly
- Implement processes to validate the effectiveness of vulnerability remediation in IT, OT, and AI/ML environments
- Track and report on vulnerability management metrics and KPIs for IT, OT, and AI/ML systems
Third-Party Vendor Security Assessment:
- Establish and maintain a process for assessing the security posture of third-party vendors, including those providing AI/ML-powered applications and services
- Evaluate third-party vendors' vulnerability management practices and ensure they meet the organization's security requirements
- Collaborate with vendors to address identified vulnerabilities and security gaps in a timely manner
- Monitor and track the remediation of vulnerabilities in third-party systems and applications
Continuous Improvement and Collaboration:
- Stay up to date on the latest vulnerability trends, threats, and mitigation techniques for IT, OT, and AI/ML technologies
- Provide training and guidance to teams on vulnerability management best practices for IT, OT, and AI/ML systems
- Assist in incident response activities related to security breaches or vulnerabilities, including those involving AI systems and third-party applications
- Work with third-party vendors to assess and manage vulnerabilities in external systems and applications, including AI solutions and software dependencies
Required Qualifications:
- 5 years of experience in vulnerability management or information security, with a focus on IT, OT, and AI/ML systems
- Strong understanding of common vulnerabilities, exploitation techniques, and remediation methods in IT, OT, and AI/ML environments
- Familiarity with vulnerability scanning tools and technologies for IT, OT, and AI/ML systems
- Excellent analytical and problem-solving skills, with the ability to understand complex AI/ML architectures and potential vulnerabilities
- Ability to effectively communicate technical information to both technical and non-technical stakeholders
- Project management and process improvement skills
- Relevant security certifications (e.g., CISSP, GIAC) preferred
- Experience working with industrial control systems and other OT technologies, as well as AI/ML-powered applications and systems