Vulnerability Management

About the Role

We are seeking a Technical Operations Manager specializing in Vulnerability Management to lead and oversee our security operations. This role will be responsible for ensuring the identification, assessment, and remediation of vulnerabilities across our IT infrastructure, working closely with internal teams and external partners.

Key Responsibilities

• Lead and manage the end-to-end vulnerability management process, including scanning, analysis, prioritization, and remediation tracking.

• Oversee vulnerability assessments across on-premise, cloud, and hybrid environments to ensure continuous risk reduction.

• Collaborate with IT, Security, and Infrastructure teams to define and implement remediation strategies for identified vulnerabilities.

• Ensure compliance with industry regulations, security frameworks, and internal security policies.

• Develop and maintain metrics, dashboards, and reports to provide visibility into the vulnerability landscape and remediation progress.

• Manage patching processes in collaboration with relevant teams and ensure adherence to service level agreements (SLAs).

• Drive continuous improvement in vulnerability detection, risk assessment, and remediation workflows.

• Provide leadership in security incident response related to vulnerabilities and exploits.

• Stay updated with emerging threats, vulnerabilities, and best practices to enhance security posture.

• Manage stakeholder communication, including executive reporting, governance meetings, and compliance audits.

Required Skills & Experience

• 8+ years of experience in IT Security, with at least 3+ years in a vulnerability management leadership role.

• Strong understanding of vulnerability assessment tools (e.g., Qualys, Tenable, Rapid7) and security frameworks (e.g., NIST, CIS, ISO 27001).

• Experience working with cloud platforms (AWS, Azure, GCP) and securing hybrid environments.

• Knowledge of patch management, endpoint security, and secure configurations across Windows, Linux, and network devices.

• Ability to interpret and communicate technical risk to non-technical stakeholders effectively.

• Strong project management and problem-solving skills.

• Experience working in a managed services model is a plus.

• Certifications such as CISSP, CISM, CEH, or GIAC are preferred.