Vulnerability Manager
Position Summary
Our client is the premier sports entertainment organization based in Frisco, Texas. We are looking for a Vulnerability Manager to join our cybersecurity team. Our cybersecurity team focuses on managing cybersecurity functions across the organization, working to ensure the protection of our critical assets and data. As a Vulnerability Manager, you will be a valued member of a fast-paced, innovative, and collaborative cybersecurity team.
As the Vulnerability Manager, you will lead and mature the organization's vulnerability management program, ensuring a proactive and strategic approach to identifying, assessing, prioritizing, and remediating security vulnerabilities across enterprise-wide IT assets. In this leadership role, you will collaborate with key stakeholders, drive remediation efforts, and develop strategies to reduce the organization's attack surface. You will also oversee vulnerability management governance, reporting, and integration with risk management and security operations to enhance the organization's overall cybersecurity posture.
As a senior leader, you will play a crucial role in defining the roadmap for vulnerability management, ensuring alignment with business objectives, regulatory requirements, and industry best practices. You will lead a team of analysts, establish an enterprise-wide process, and work closely with cross-functional teams to ensure vulnerability mitigation while balancing business continuity.
Essential Job Duties
- Lead and enhance the vulnerability management program, including managing governance, policies, and processes for effective vulnerability identification, assessment, and remediation.
- Develop and implement risk-based vulnerability prioritization methodologies to focus remediation efforts on the most critical risks, aligning with business impact and threat intelligence.
- Partner with IT, Information Security, and Business teams to integrate vulnerability management into infrastructure, application development, and cloud environments.
- Oversee organization-wide vulnerability scanning, penetration testing, and attack surface management, leveraging automation where applicable.
- Define and implement KPIs and metrics for vulnerability management, providing executive-level reporting on program effectiveness, trends, and remediation progress.
- Ensure vulnerability management activities align with industry regulations such as NIST, CIS, ISO 27001, and PCI DSS, supporting internal and external audits.
- Extend vulnerability management efforts to third-party vendors, cloud service providers (AWS, Azure, GCP), and SaaS applications.
Skills and Experience
- 10+ years of experience in vulnerability management, security operations, or information security.
- Expert-level proficiency with vulnerability management solutions such as Qualys, Tenable Nessus, Rapid7 InsightVM, or similar platforms.
- Comprehensive understanding of attack vectors, exploitability, and threat actor tactics, techniques, and procedures (TTPs).
- Experience implementing and scaling vulnerability management programs within large, complex enterprise environments.
- Strong knowledge of OS hardening, secure configurations, and least privilege principles across Windows, Linux, macOS, and mobile devices.
- Excellent communication and stakeholder management skills, with the ability to convey complex security concepts to technical and non-technical audiences.
Additional Qualifications
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Self-starter requiring minimal supervision.
- Excellence in communicating business risk and remediation requirements from assessments.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
Education Requirements
Bachelor's degree in computer science (preferred), information assurance, MIS, or a related field (or equivalent work experience).
Certification Requirements
- Preferably, one or more of the following: GCED, GCCC, GPEN, GCIH, CISSP or CRISC.