IT Security Technical Lead

• IT Security Technical Lead Vulnerability Management responsible for developing leading and continuously improving the enterprise-wide Vulnerability Management and Security Assessment program
• This role ensures that vulnerability management across systems applications and clouds are identified assessed prioritized and remediated alignment with business risk and compliance objectives.
• The successful candidate will combine technical expertise strategic oversight and leadership skills to drive a measurable reduction in organizational risk while supporting Quest Diagnostics mission to protect data systems and customer

• Lead the global Vulnerability Management program including policy management scanning reporting and remediation tracking.
• Design and maintain a comprehensive Vulnerability Management framework aligned with NIST HIPAA PCI SOX & etc.
• Lead rapid assessment and remediation efforts for Zero day vulnerabilities including immediate impact analysis exploitability review and prioritization based on business risk.
• Server as Subject Matter Expert (SME) for Qualys or similar scanning platforms ensuring accurate detection prioritization and reporting of vulnerabilities.
• Partner and Infrastructure Application and Risk Teams to coordinate assessment and remediation activities across diverse environments.
• Define and monitor metrics and KPIs to evaluate program effectiveness and communicate progress to Senior leadership.
• Develop and maintain dashboard and reports highlighting trends remediation SLA performance and residual risk posture
• Conduct ad-hoc vulnerability assessments and provide risk-based recommendations for remediation and mitigation
• Provide consultancy and guidance on Vulnerability risk Security exception and compensating controls to technical and business stakeholders.
• Support security compliance efforts by ensuring timely remediation of vulnerabilities tied to audit findings and regulatory frameworks (HIPAA PCI SOX).
• Develop and deliver training workshops and awareness sessions to improve understanding and accountability across teams.
• Continuously evaluate and implement process and automation improvement to enhance efficiency and reporting accuracy.
• Conduct network penetration testing for PCI environment using CoreImpact (Fortra) or similar tools to validate security controls and achieve regulatory compliance.

Required Work Experience:

• Bachelors degree in computer science information security or related discipline
• Minimum 7 years if experience in IT Security including 3 years leading a Vulnerability or Threat management program
• Proven experience with Qualys Tenable Wiz or equivalent vulnerability management tools.
• Hands on experience performing network penetration testing for PCI environments or equivalent
• Strong understanding of CVSS CVE & CWE
• Familiarity with remediation strategies across Windows Linux Network and Cloud environments
• Excellent Communication and stakeholder management skills with ability to convey risk to both technical and non-technical audiences.
• Certifications such as CISSP CISM CISA GPEN or Qualys VMDR specialist
• Experience in regulated industries (Healthcare Financial or Life Sciences)
• Familiarity with ServiceNow Archer or similar GRC platforms for exception and risk tracking
• Experience leading and mentoring security engineers specialists or analysts.

Preferred Work Experience:

• Develop and maintain custom scripts and API integrations to automate and streamline reporting and remediation workflows.
• Leverage Qualys CAR (Custom Assessment and Remediation) and optimize for efficient remediation and scanning.