Description
Internal use only - Grade E
About us
We're the team behind digital retailer Very.
Our purpose, helping families get more out of life, powers everything we do.
And we want our people to get more out of life too! If you're high-performing, ambitious and make the most of every opportunity, we want to hear from you. In return, you'll enjoy heaps of flexibility, great perks and benefits, and the freedom to be yourself, keep learning and take your career wherever you want it to go.
If you love making a difference, you'll love making it sparkle for millions of Very customers.
About the Role
You'll act as the central coordination and risk authority for vulnerability activity, working closely with engineering and platform teams who remain accountable for remediation delivery.
This role needs a strong technical foundation and the ability to build, lead and develop a vulnerability management team, setting clear ways of working, coaching capability and scaling our coverage and reporting as we grow.
What you will be doing.
- Own and continuously improve the end-to-end vulnerability management lifecycle across legacy, cloud, containerised and third-party environments.
- Operate and coordinate the Security Penetration Testing Framework, ensuring a consistent risk-led approach to scope, frequency, execution, retesting and closure.
- Triage, prioritise and track vulnerabilities and pen test findings, ensuring clear ownership, progress visibility and timely escalation of unmanaged risk.
- Govern risk acceptance/exceptions, compensating controls and evidence for audit and regulatory scrutiny.
- Own reporting (risk posture, trends, coverage, performance) for senior stakeholders and governance forums.
- Drive improvements in tooling, data quality, asset coverage and testing scope, working with suppliers and internal teams.
- Establish a sustainable vulnerability management team (hiring, onboarding, performance coaching).
Essential Skills and Experience
- Strong experience coordinating vulnerability management and security penetration testing in complex enterprise environments.
- Demonstrable technical background (e.g. application/infrastructure security, cloud security, vulnerability assessment and remediation validation) with the capability to hire, lead and develop a high-performing vulnerability management team.
- Solid understanding of penetration testing methodologies and assurance expectations across applications, infrastructure, cloud and externally exposed services.
- Ability to apply risk-based judgement beyond severity scoring (exploitability, exposure and business context).
- Experience governing penetration testing (scope definition, prioritisation, retesting and remediation assurance).
- Proven track record working with engineering teams where remediation ownership sits outside of security.
- Confident stakeholder management, able to translate technical findings into clear business risk narratives.
- High standards for reporting, documentation and audit readiness.
Desirable Skills and Experience
- Experience aligning vulnerability governance to ISO 27001 and/or NIST.
- Hands-on experience configuring and operating industry-standard vulnerability testing tooling.
- Exposure to cloud-native and legacy environments.
- Experience mentoring analysts or leading capability uplift.
- Understanding of secure SDLC and modern engineering delivery models.
Some of our benefits
- 1000 flexible benefits allowance to suit your needs
- 30 days holiday bank holidays
- Udemy learning access
- Bonus potential (performance and business-related)
- Up to 25% discount on
How to apply
Please note that the talent acquisition team are managing this vacancy directly and, if successful in securing this role, you will be required to undertake credit, CIFAS and Right to Work checks and, if a specific requirement of your role, a DBS (criminal records) check. Should your application progress, we require you to let the team know if there is anything you need to disclose in relation to any of these checks prior to them being undertaken, including any unspent criminal convictions.
What happens next
Our talent acquisition team will be in touch if you're successful, so keep an eye on your emails! We'll arrange a short call to learn more about you, as well as answer any questions you have. If it feels like we're a good match, we'll share your CV with the hiring manager to review. Our interview process is tailored to each role and can be in-person or held remotely.
You can expect a two-stage interview process for this position:
1st Stage - Initial Teams call with Hiring Team.
2nd Stage - A one-hour formal interview where you can expect both competency and technical questions, with a take-home task to prepare for.
Please do let us know if you require any reasonable adjustments.
Diversity, inclusion and equal opportunities
We're building a culture of everyday inclusion and welcome applications from anyone who believes they can do the job. We don't discriminate based on age, disability, gender reassignment, marriage or civil partnership, pregnancy or maternity, race, religion or belief, sex or sexual orientation.
We want our recruitment process to be accessible to everyone. If you need reasonable adjustments to apply, interview or perform a role, let us know via We'll be happy to support you.
We're proud to be a Disability Confident Committed Employer and have nine brilliant colleague networks - including DAWN (Disability Awareness at Very) and Think (Neurodiversity at Very) - that are helping us make Very an even more inclusive place to work.
Required Experience:
Manager