Director of Vulnerability Management

Job Location

Chicago, IL - USA

Yearly Salary

$97,000 - $189,000

Vacancy

1 Vacancy

Job Description

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

Leadership position responsible for transforming and accelerating Vulnerability Management (VM) into a core information security strength. This position plays a pivotal role in safeguarding CNA's assets by leading an enterprise-wide VM program and team, developing strategy, driving priorities and initiatives with partners, and managing vulnerabilities per organizational risk tolerance across on-premises and cloud environments. This role blends deep technical expertise (70%) with strategic leadership (30%), ensuring vulnerabilities across our environment are identified, prioritized, and remediated in a timely manner. This role demands a strategic mindset, robust technical aptitude, and the ability to communicate risk and remediation status effectively throughout the business. The ideal candidate will thrive in a fast-paced environment, demonstrate exceptional technical depth, and possess strong leadership skills to influence across technical and business teams.

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

Technical (70%)

  • Leads and executes a comprehensive Vulnerability Management program throughout a global technology organization leveraging legacy and modern assets and applications located on-premises and in the cloud.

  • Own and operate the enterprise vulnerability management program, including vulnerability scanning, reporting, and remediation tracking.

  • Builds and nurtures strong partnerships with asset owners and managed service providers to drive vulnerability remediation and mitigation, reduce exposure and potential business impact, and ensure secure asset configurations.

  • Oversee and technically validate the MSP's delivery of vulnerability scanning and assessments using Tenable tools.

  • Accountable for the vulnerability remediation process within CNA, which may include vulnerabilities discovered through, but not limited to, vulnerability scanning, ethical hacking, threat intelligence, application security, responsible disclosure, etc.

  • Holistically owns the secure configuration management process within CNA, which may include working with various teams in developing secure technical specifications for technologies, assessing the environment against those specifications, and continuously improving the posture through governance and technical leadership.

  • Develops enterprise policy, standards, plans, strategy, and procedures with specific regard to vulnerability management and secure configuration, in alignment with business, industry, and regulatory requirements, ensuring adherence across the enterprise to avoid audit findings and compliance gaps.

  • Develops and presents VM program metrics, KPIs, KRIs, and other applicable performance reporting measures to communicate risk and program effectiveness to governance and leadership.

  • Perform detailed analysis of vulnerability data to identify trends, recurring issues, and systemic weaknesses, and use this analysis to prioritize remediation efforts based on risk and business impact.

  • Identifies, recommends, and prioritizes appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to acceptable risk tolerances.

  • Successfully partners with other teams to risk assess potential impact from vulnerabilities and recommends appropriate compensating security controls.

  • Mentor and develop a team of vulnerability management professionals, fostering a culture of continuous learning and operational excellence.

  • Be a champion for vulnerability management and information security, including broadening awareness and use of the team's services, education of security best practices, and integration with other business areas.

Leadership (30%)

  • Lead, mentor, and develop an internal vulnerability management team (FTEs and contractors).

  • Serve as primary point of contact and escalation for the MSP, holding them accountable to SLAs, quality standards, and performance metrics.

  • Communicate vulnerability risks, trends, and remediation progress to senior leadership, including executives and the Board, in clear business terms.

  • Partner with application and infrastructure owners to ensure remediation activities are prioritized and executed effectively.

May perform additional duties as assigned.

Reporting Relationship

Typically AVP or above

Skills, Knowledge & Abilities

  • Strong hands-on expertise or equivalent enterprise vulnerability scanning tools.

  • Proven track record of leading vulnerability management programs and teams, with expert-level knowledge and competence in security concepts and strategies and the ability to successfully implement them.

  • Hands-on experience with leading vulnerability management tools at enterprise scale, and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in legacy and modern assets and applications located on-premises and in the cloud.

  • Expertise in identifying, evaluating, and prioritizing vulnerabilities within CNA's environment, paired with the capability to design and implement holistic remediation strategies that effectively address both immediate and long-term risks across CNA.

  • Excellent written and verbal communications and interpersonal skills to work effectively with peers, leadership, and subordinates. Must be able to clearly communicate complex technical and business concepts to business partners, internal and external teams, and leadership.

  • Strong analytical and project management skills.

  • Proven ability to effectively lead, manage, coach, and develop a team. This includes both direct leadership and cross-functional capabilities.

  • Proven experience managing MSP relationships including SLA enforcement and technical oversight.

  • 6 years in a vulnerability management program. Knowing not only how to assess vulnerabilities but also prioritize and drive remediation activities.

  • Experience interacting with auditors and regulators.

  • Experience and comfort working across evolving cloud and on-premises hybrid environments and technologies.

  • Self-starter with the ability to make independent, data-driven decisions and the judgment to know when to seek guidance.

  • Expert-level understanding of key vulnerability management and information security concepts such as: risk, severity, exploitability, CVE, CVSS, asset management, secure configuration management, etc.

  • Ability to foster collaborative open working relationships with stakeholders.

  • Strong understanding of enterprise network, endpoint, and application-level security issues and risks.

  • Solid understanding of operating systems (Windows, Linux, Unix), networking, cloud platforms (GCP, AWS, Azure), and common enterprise application stacks.

Education & Experience

  • Bachelor's degree in Computer Science or related discipline, or equivalent work experience.

  • Typically a minimum of ten years related work experience in Information Technology.

  • CISSP, CISM, PMP, Tenable, or equivalent certifications preferred.

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York, and Washington the national base pay range for this job level is $97,000 to $189,000 determinations are based on various factors, including but not limited to relevant work experience, skills, certifications, and location. CNA offers a comprehensive and competitive benefits package to help our employees and their family members achieve their physical, financial, emotional, and social wellbeing goals. For a detailed look at CNA's benefits, please visit.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact.


Required Experience:

Director

Employment Type

Full-Time
