Job Openings Vulnerability Manager

About the job Vulnerability Manager

Our client is the premier sports entertainment organization. We are looking for a Vulnerability Manager to join their CyberSec team. The cybersecurity team focuses on managing cybersecurity functions across the organization, working to ensure the protection of our critical assets and data.

*This is an ongoing, multi-year, open-ended contract position. PTO, paid holidays, a retirement plan, and healthcare are all offered. 3rd party candidates will not be considered.*

As a Vulnerability Manager, you will be a valued member of a fast-paced, innovative, and collaborative cybersecurity team. You will lead and mature the organization's vulnerability management program, ensuring a proactive and strategic approach to identifying, assessing, prioritizing, and remediating security vulnerabilities across enterprise-wide IT assets. In this leadership role, you will collaborate with key stakeholders, drive remediation efforts, and develop strategies to reduce the organization's attack surface. You will also oversee vulnerability management governance, reporting, and integration with risk management and security operations to enhance the organization's overall cybersecurity posture.

As a senior analyst, you will play a crucial role in defining the roadmap for vulnerability management, ensuring alignment with business objectives, regulatory requirements, and industry best practices. You will establish an enterprise-wide process, and work closely with cross-functional teams to ensure vulnerability mitigation while balancing business continuity.

What You'll Be Doing

  • Lead and enhance the vulnerability management program, including managing governance, policies, and processes for effective vulnerability identification, assessment, and remediation.
  • Develop and implement risk-based vulnerability prioritization methodologies to focus remediation efforts on the most critical risks, aligning with business impact and threat intelligence.
  • Partner with IT, Information Security, and Business teams to integrate vulnerability management infrastructure, application development, and cloud environments.
  • Oversee organization-wide vulnerability scanning, penetration testing, and attack surface management, leveraging automation where applicable.
  • Define and implement KPIs and metrics for vulnerability management, providing executive-level reporting on program effectiveness, trends, and remediation progress.
  • Ensure vulnerability management activities align with industry regulations such as NIST, CIS, ISO 27001, and PCI DSS, supporting internal and external audits.
  • Extend vulnerability management efforts to third-party vendors, cloud service providers (AWS, Azure, GCP), and SaaS applications.

Skills and Experience

  • 3-5 years of experience in vulnerability management, security operations, or information security.
  • High-level proficiency with vulnerability management solutions such as Qualys, Tenable Nessus, Rapid7 InsightVM, or similar platforms.
  • Comprehensive understanding of attack vectors, exploitability, and threat actor tactics, techniques, and procedures (TTPs).
  • Experience implementing and scaling vulnerability management programs within large, complex enterprise environments.
  • Strong knowledge of OS hardening, secure configurations, and least privilege principles across Windows, Linux, macOS, and mobile devices.

Additional Qualifications

  • Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
  • Self-starter requiring minimal supervision.
  • Excellence in communicating business risk and remediation requirements from assessments.
  • Analytical and problem-solving mindset.
  • Highly organized and efficient.
  • Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.

Nice to Have

  • Any of the following certifications would be nice to have: GCED, GCCC, GPEN, GCIH, CISSP or CRISC.
  • DevSecOps and/or SOC experience would be very beneficial.