Vulnerability Management Lead

Role Overview: We are seeking a seasoned Vulnerability Management Lead to oversee and evolve our enterprise-wide threat and vulnerability management program.

This role sits at the intersection of security operations and strategic program leadership — responsible for driving systematic identification, assessment, prioritization, and remediation of vulnerabilities across a complex global environment spanning on-premises infrastructure, cloud platforms, and hybrid deployments.

The ideal candidate brings both hands-on technical depth and the leadership acumen to engage stakeholders at all levels — from engineering teams executing remediations to executives requiring clear risk summaries.

This is a high-impact position for someone passionate about operational excellence and continuous program improvement.

Key Responsibilities: Own the end-to-end vulnerability management lifecycle across enterprise environments including Windows and Linux operating systems, network infrastructure, cloud platforms (AWS and Azure), containerized applications, and digital certificate management.

Execute and oversee ongoing vulnerability scanning, risk prioritization, and structured remediation workflows across cloud and on-premises systems, applying recognized industry frameworks and security best practices.

Develop and maintain a metrics and reporting framework to measure program maturity, track remediation SLAs, and communicate risk posture to internal and external stakeholders — leveraging automation to reduce manual effort and improve accuracy.

Serve as the internal subject matter authority on vulnerability risk, providing guidance to both technical and non-technical teams on threat impact, exploitability, and remediation options — including endpoint protection, network-level controls, and cloud-native security mechanisms.

Build and maintain collaborative working relationships with cross-functional and global teams to ensure vulnerability risks are clearly communicated, tracked, and resolved in alignment with organizational risk appetite.

Lead root cause analyses following security events or remediation gaps, and produce clear executive-level reports summarizing findings, risk exposure, and recommended courses of action.

Support day-to-day program operations including documentation upkeep, policy and procedure development, and participation in incident response activities as required.

Continuously assess and improve program tooling, processes, and detection capabilities to stay ahead of the evolving vulnerability landscape and organizational scale.

Plan and coordinate security testing and validation exercises — including scan coverage reviews, finding validation, and remediation verification — across applications, infrastructure, and data environments.

Prepare and deliver SLA-aligned, volume-based, and risk-tiered reporting for internal leadership and external stakeholders as required.

Qualifications: Bachelor's degree in a relevant field with 5+ years of progressive experience in information security, with a focus on vulnerability management or security operations.

Demonstrated hands-on proficiency with enterprise vulnerability scanning platforms such as Rapid7, Qualys, Tenable, or Armis; familiarity with SIEM tooling, ticketing/workflow systems (e.g., ServiceNow Vulnerability Response), and hybrid cloud security environments (AWS, Azure).

Proven track record leading vulnerability management functions — including full-cycle scanning operations, risk communication, and remediation tracking across diverse technology environments.

Working knowledge of data visualization and reporting platforms such as Wiz, Snowflake, or Power BI, with strong proficiency in Excel and PowerPoint for stakeholder reporting and analysis.

Scripting experience in Python or PowerShell is an asset, particularly for automation of vulnerability workflows and process optimization.

Familiarity with security and compliance frameworks such as NIST CSF or ISO 27001 is beneficial.

Strong organizational skills with the ability to manage competing priorities independently while contributing effectively within collaborative team settings.

Exceptional communication skills — able to translate complex, technical vulnerability findings into business-relevant language for executive and non-technical audiences.

• Powered by JazzHR