VP_ Head, Vulnerability Management

You will be responsible for the delivery of vulnerability management services and day-to-day operations and development of the bank security suite of products with key objective in designing, developing, deploying, maintaining, and enhancing the Bank’s vulnerability management capabilities

Key Responsibilities:

• Manage activities associated with attack surface reduction and proactive management of potential vulnerabilities to the Bank’s technology estate
• Ensure timely communication, management and reporting of product vulnerability advisories to application and infrastructure teams including monitoring the lifecycle of product vulnerabilities in conjunction with the Threat Intelligence team
• Provide best practice guidance to application and infrastructure teams on possible mitigating controls in the absence of product fixes for vulnerabilities
• Coordinate (as and when needed) vulnerability response for critical vulnerabilities in conjunction with the Group Security Operations Centre
• Automation development on existing processes and develop contextual data sets, reports, and dashboards to provide management, risk and service insights
• Product research and define requirements for new projects, perform product evaluation and technical Proof of Concept
• Provide support for all Audit and Regulatory requests

Others:

• Communicate effectively with a variety of internal teams and third-party service providers/vendors for the delivery of Vulnerability Management services/solutions.
• Capable of managing a variety of priorities and deliverables in an operational, interrupt driven environment with minimal guidance or supervision
• Work with internal technical teams and engineers in the prioritization and interpretation of attack surface reduction activities including providing guidance on countermeasures as mitigating controls
• Available to respond to any requests and assist with troubleshooting activities of vulnerability management solutions along with proper documentation.
• Resolve standard/routine issues with no guidance and complex/unusual issues with minimal guidance

Job Requirements

Education:

• Diploma/Degree in engineering/Computer Science/IT/Cyber Security from a recognized education institution
• Professional security related qualification (e.g., SANS, CISSP, CISA, CISM, etc.) will be favorable although not mandatory.

Technical Skills:

• Overall experience 8 to 12 years of experience
• 5 to 7 years of relevant experience with proven track record in managing, deploying, automating and streamlining Vulnerability Management services, technologies and process.
• Knowledgeable with the variety of Vulnerability Management technologies and familiar with the industry trends and best practices
• Knowledgeable with open systems (e.g., Windows, Unix, Linux), networking technologies (e.g., switches, routers, firewalls), end user technologies (Windows, iOS, Android) in relation to Vulnerability Management
• Knowledgeable with cloud technologies (e.g., AWS, Azure, M365, GCP) and containers (e.g., Docker and Kubernetes) in relation to Vulnerability Management
• Analytical problem solver and good at troubleshooting technical issues
• Hands-on experience in the use of Splunk, scripting (e.g., Python, Bash), security testing tools, and network vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7, etc) will be favorable.

Soft Skills:

• Good written and verbal communication skills
• Process aware mindset.
• Strong analytical and problem-solving skills
• Effective time management and organizational skills
• Team player, including ability to establish and maintain effective working relationships within and across the organization.
• Proficient in Microsoft Office applications