IT Governance, Risk, and Vulnerability Management Lead

Remote • Posted 16 days ago • Updated 16 days ago
Contract Independent
No Travel Required
Remote
$80 - $110/hr

Job Details

Skills

  • IT Governance
  • Cyber Security
  • NIST 800-53
  • NERC
  • ISO 9000
  • IT Risk Management
  • IT Project Management
  • Disaster Recovery
  • Auditing
  • Business Continuity Planning
  • SAP GRC
  • Risk Management
  • Risk Assessment
  • Requirements Management
  • SLA
  • Sarbanes-Oxley
  • Technical Support
  • Vulnerability Management
  • Exceed
  • Leadership
  • Management
  • Operational Risk
  • Performance Metrics
  • Regulatory Compliance
  • Quality Assurance
  • Reporting
  • Database
  • Data Quality
  • Dashboard
  • Collaboration
  • Analytical Skill
  • KPI
  • Telecommunications

Summary

Overview

We are seeking an experienced IT Governance, Risk, and Vulnerability Management Lead to drive governance, controls assurance, vulnerability management, and compliance across the organization. This role plays a critical part in ensuring IT controls align with regulatory and industry frameworks, vulnerabilities are effectively governed through closure, and leadership has clear visibility through metrics, dashboards, and reporting.

This position partners closely with IT Risk Management, Cybersecurity, Audit, Infrastructure, and Application teams to reduce operational risk while enabling business objectives.


Key Responsibilities

Governance and Controls Assurance

  • Lead the development, implementation, and ongoing maintenance of IT controls aligned with industry and regulatory frameworks (NIST, NERC, ISO, SOX).

  • Map regulatory, audit, and business requirements to control objectives and ensure sustained compliance.

  • Prepare management responses to audit findings, develop remediation plans, and track closure of issues.

  • Collaborate with IT Risk Management, Cybersecurity, and Audit teams to ensure controls support organizational and regulatory objectives.

  • Design and build governance processes for IT vulnerability management, risk management, and compliance.

  • Apply domain expertise to partner with IT teams to identify, define, and analyze SLA requirements and processes.

  • Monitor vulnerability lifecycle progress and ensure timely remediation and closure.

  • Identify process gaps and recommend improvements to enhance efficiency and reduce operational risk.


Reporting and Metrics Management

  • Define, track, and manage key performance indicators (KPIs) across IT business areas, including:

    • IT Service Management

    • Vulnerability Management

    • Application Management

    • Infrastructure Management

  • Produce executive-level reports and dashboards on vulnerability management status, SLA adherence, and IT operational performance.

  • Ensure data quality and consistency through company-approved methodologies and standards.


Vulnerability Management and Compliance

  • Serve as the primary point of contact for vulnerability remediation, escalations, and related inquiries.

  • Govern and enforce the IT Vulnerability Management process, from identification through remediation and closure.

  • Analyze vulnerability status, track SLA adherence, and develop action plans, schedules, and escalation paths to meet or exceed SLA targets.

  • Collaborate with cross-functional teams to assess risk associated with open vulnerabilities and implement mitigation strategies.

  • Manage the full vulnerability lifecycle, including risk acceptance for residual vulnerabilities.

  • Coordinate schedules, milestones, and resources across IT teams and vendors (e.g., infrastructure, database, telecommunications, operations, and technical support).

  • Proactively escalate unresolved vulnerabilities and eliminate remediation backlogs.


Qualifications

  • Demonstrated experience in IT project management methodologies, requirements management, quality assurance, and IT operational processes.

  • Broad understanding of business applications, system architectures, and technology alternatives.

  • Deep familiarity with governance and assurance frameworks, including:

    • NIST CSF and NIST 800-53

    • COBIT

    • NERC CIP

    • SOX

  • Strong knowledge of IT general controls (ITGCs), application controls, cybersecurity principles, and disaster recovery/business continuity.

  • Proven expertise in vulnerability management processes, risk assessment methodologies, and SLA/KPI definition and reporting.

  • Hands-on experience using analytical and reporting tools to automate performance metrics and dashboards.

  • Prior experience in IT governance, risk, and/or compliance (GRC) roles.

  • Strong analytical skills with the ability to translate insights into clear, actionable recommendations for technical and executive stakeholders.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10124178
  • Position Id: 8890534