Vulnerability Manager

The Vulnerability Manager will lead the IT Infrastructure Cybersecurity Operations team overseeing the enterprise-wide vulnerability remediation program for CA-CIBs infrastructure environment. This role bridges the Information Security team and IT Infrastructure platform teams ensuring timely remediation of vulnerabilities across servers networks databases and virtualization infrastructure while maintaining executive visibility through regular reporting.

Key Responsibilities

Infrastructure Vulnerability Remediation Management

Lead remediation efforts for vulnerabilities across IT Infrastructure domains.

Track vulnerabilities from Tenable penetration testing security assessments and threat intelligence feeds

Monitor remediation progress against established SLA deadlines

Engage proactively with Infrastructure Network Database and Virtualization teams to ensure timely closure

Maintain comprehensive dashboards and metrics on vulnerability remediation status

Stakeholder Management & Reporting

Present monthly vulnerability management reports to IT Infrastructure Management Steering Committee and CISO office

Provide executive insights on remediation trends infrastructure risk exposure and program effectiveness

Escalate critical infrastructure vulnerabilities to CTO Infrastructure Directors and Risk Management

Technical Guidance & Infrastructure Support

Provide expert guidance on remediation strategies patching approaches and configuration hardening

Troubleshoot complex remediation scenarios involving legacy systems business-critical infrastructure or technical dependencies

Recommend best practices for infrastructure vulnerability mitigation aligned with banking industry standards

Advice on patch management strategies balancing security requirements with infrastructure stability

Risk Acceptance & Control Validation

Review and validate risk acceptance requests when immediate remediation is not feasible due to business criticality legacy constraints vendor limitations or complex dependencies

Assess adequacy of proposed compensating controls (network segmentation access controls monitoring)

Guide teams in developing robust compensating controls that effectively reduce risk exposure

Ensure risk acceptance documentation meets CA-CIB governance regulatory and compliance requirements.

Program Leadership & Governance

Drive continuous improvement of the infrastructure vulnerability management program

Develop and maintain vulnerability management policies procedures and workflows aligned with CA-CIB IT governance

Foster collaboration between Information Security and IT Infrastructure teams

Support regulatory examinations and audits related to infrastructure security

Required Qualifications

Bachelors degree in Computer Science Information Technology Information Security or related field

7 years of experience in IT infrastructure security cybersecurity operations or vulnerability management within banking or financial services

3 years in a leadership or management role

Strong understanding of vulnerability assessment tools (Tenable/Nessus) and infrastructure scanning methodologies

Experience with risk management frameworks and control validation in regulated environments

Proven ability to communicate technical infrastructure security concepts to executive audiences

Understanding of banking regulatory requirements and IT risk management

Preferred Qualifications

Relevant certifications: CISSP CISM or similar

Experience with vulnerability management platforms and ITSM systems (ServiceNow)

Background in both information security and IT infrastructure operations

Experience working in large complex banking IT environments

English (mandatory) French language skills (preferred)

Key Competencies

Strong analytical and problem-solving skills with infrastructure focus

Excellent communication and presentation abilities in English

Proactive and results-oriented mindset with ability to work under regulatory pressure

Ability to influence infrastructure teams without direct authority

Strategic thinking with attention to operational detail and business impact

Stakeholder management and negotiation skills across technical and business functions

Ability to balance security requirements with business continuity and operational resilience

Working Environment

Location: Montreal Quebec

Working from home on a voluntary basis for up to 2 days per week after 3 months of joining

Collaboration with global IT Infrastructure and Security teams

Exposure to senior IT and Risk leadership