Threat and Vulnerability Management Head

Job Location

Mumbai - India

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Position Summary:
The Head of Threat and Vulnerability Management will lead the organization's efforts to identify, assess, and mitigate security threats and vulnerabilities. This role will be responsible for overseeing internal and external penetration testing (PT), red teaming exercises, vulnerability management, system hardening, and application and API security. The ideal candidate will have a strong technical background, leadership experience, and a strategic vision for improving the organization's security posture.

Key Responsibilities:
1. Leadership and Strategy:
Develop and implement a comprehensive threat and vulnerability management strategy.
Lead and manage a team of security professionals, providing guidance, mentorship, and performance evaluations.
Collaborate with other departments to integrate security best practices into all business processes.

2. Penetration Testing and Red Teaming:
Plan, execute, and oversee internal and external penetration tests and red team exercises.
Identify vulnerabilities and weaknesses in systems, networks, and applications.
Develop and present detailed reports on findings, including risk assessments and recommendations for remediation.

3. Vulnerability Management:
Establish and maintain a robust vulnerability management program.
Identify and reconcile the scope of vulnerability assessment.
Conduct regular vulnerability assessments and scans.
Track and prioritize vulnerabilities for remediation based on risk and impact.
Work with IT and development teams to ensure timely and effective vulnerability remediation.
Ensure 100% coverage of assets for vulnerability assessment.

4. System Hardening:
Develop and implement system hardening guidelines and best practices.
Ensure all systems are configured securely and in compliance with industry standards and regulatory requirements.
Conduct regular audits to verify compliance and identify areas for improvement.

5. Application and API Security:
Lead efforts to secure applications and APIs throughout the development lifecycle.
Collaborate with development teams to integrate security into the software development process.
Conduct code reviews, security testing, and vulnerability assessments of applications and APIs.
Reconcile and ensure 100% coverage of applications and APIs for vulnerability assessment.

6. Third-Party Cyber Risk Management:
Establish and maintain a robust process for remediating vulnerabilities identified by third parties.
Lead efforts to secure the organisation's external interfaces and support the mitigation of risks from the TPRM view.
Ensure complete coverage of the organisation's external IT infrastructure by these third-party scanners.

Qualifications:
Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
Minimum of 15-18 years of experience in information security, with at least 5 years in a leadership role.
Strong technical expertise in penetration testing, red teaming, vulnerability management, system hardening, and application security.
Relevant certifications such as CISSP, CISM, OSCP, CEH, or similar.
Excellent understanding of security frameworks and standards (e.g. NIST, ISO 27001, OWASP).
Proven ability to lead and manage a team of security professionals.
Strong analytical, problem-solving, and decision-making skills.
Excellent communication and interpersonal skills.

Preferred Skills:
Experience with security tools and technologies (e.g. SIEM, IDS/IPS, vulnerability scanners, etc.).
Knowledge of regulatory requirements and industry standards (e.g. GDPR, HIPAA, PCI-DSS).
Familiarity with cloud security, container security, and DevSecOps practices.

Employment Type

Full-Time
