Job Details
***We are unable to sponsor for this permanent full-time role***
***Position is bonus eligible***
Prestigious Enterprise Company is currently seeking a Manager of Cyber Security Risk and Vulnerabilities. The candidate will be responsible for developing and leading a high-performing team focused on vulnerability management, including vulnerability discovery, risk-based prioritization, and enterprise remediation coordination. This role oversees the design, delivery, and continuous improvement of services that reduce technology risk through scalable vulnerability identification and tracking processes, platform ownership, and stakeholder collaboration. The successful candidate will build strong relationships with key enterprise partners – including architecture, engineering, infrastructure, and application teams – to ensure vulnerabilities are understood, prioritized appropriately, and addressed in alignment with business risk tolerance. Through technical expertise and operational leadership, the manager will advance the maturity of the organization’s vulnerability management program and its integration with broader cyber risk functions. The ideal candidate will balance strong technical fluency with people leadership, operational execution, and the ability to inspire a high-performing team in a dynamic cybersecurity landscape.
Responsibilities:
Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments
Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities
Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs
Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization’s overall risk management strategy.
Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives
Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations
Manages program metrics, reporting, and performance indicators to demonstrate business value, operational maturity, and continuous improvement
Supports the organization’s processes/methodologies, structure, culture, skills/experience, process support tools, knowledge resources, and other components
Contributes to team culture by modeling integrity, inclusivity, accountability, and collaboration
This list is not all-inclusive and you are expected to perform other duties as requested or assigned
Qualifications:
8+ years of experience with a Bachelor’s degree; strong hands-on Supervisory/Management experience
Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred
Proven experience managing enterprise-scale vulnerability management programs and tools
Proven expertise in developing, mentoring, and retaining high-performing teams while fostering a mindful, inclusive, and trust-based team culture
Strong ability to build trust, partnerships, and mutual support across many diverse teams
Excellent communication and presentation skills, with the ability to convey technical concepts to diverse audiences and a strong emphasis on listening and understanding stakeholder needs
Proven record of complex and creative problem-solving, and the desire to build, influence, and improve systems, programs, and processes
Demonstrated background in strategic planning, service/program development, capability assessment, and building strong narratives to drive decision-making and create change
Ability to understand how individual and team efforts align with broader organizational objectives, and to make decisions with enterprise-wide impact in mind
Strong commitment to craftsmanship, with a focus on quality, accuracy, and clarity of work
Technical & Domain Expertise:
Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques
Proficiency in selecting, implementing, and managing vulnerability scanning tools (e.g., SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud) across the technology stack
Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability
Skilled in analyzing business and technical requirements and translating them into effective solutions, technical plans, roadmaps, budgets, and proposals that support cyber program growth and align with cyber and organizational goals
Commitment to continuous learning with the ability to research and enhance technical and domain-specific knowledge to support rapidly changing environments
Skilled in coordinating multiple concurrent projects with a clear understanding of the project lifecycle, prioritization frameworks, and delivery expectations