Vulnerability Manager

Boston, MA, USA | Remote

The Vulnerability Manager drives vulnerability management strategies and goals through coaching, mentoring and career guidance. Develops and maintains strong partnerships with stakeholders, ensuring end-to-end vulnerability remediation both internally and externally. Directs vulnerability assessments and penetration tests, assists with strategic planning, supports compliance and risk management activities, and pushes for improvements to mitigate risk.

 

Essential Duties and Responsibilities

  • Ensures continuous vulnerability lifecycle management internally within the company and externally with clients, detecting, monitoring, reporting, and assessing impact on vulnerability-related data from sources.
  • Develops and drives remediation strategies to address vulnerabilities and reduce attack surface.
  • Assists with strategic planning, driving improvements and providing input on capabilities and methods for vulnerability management and security testing.
  • Supports compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks.
  • Develops and maintains strong partnerships to drive end-to-end vulnerability remediation, ensure consistent customer experience, broaden awareness and use of services, and educate users on security best practices integrated in key areas.
  • Partners with other departments to assess potential negative impacts of remediation and apply compensating/mitigating controls.
  • Provides communications across the organization, interfacing with senior leadership, driving security hardening best practices, and representing the vulnerability management team with customers and partners.
  • Drives requirements definition, evaluation, recommendation, implementation, and troubleshooting of vulnerability management tools.
  • Develops security testing capabilities and directs ongoing vulnerability assessments and penetration tests.
  • Assesses current and emerging threats, cyberattacks, and zero-day vulnerabilities that pose risks to both the company and our clients.
  • Notifies partners on threats and vulnerabilities to reduce the attack surface.
  • Leads and supports vulnerability management team, establishing team and individual goals that support overall objectives.
  • Coaches, mentors, and provides career development guidance.
  • Establishes daily operations, regular communications, and resource planning, providing guidance, relaying expectations, and leading team initiatives and activities.
  • Recruits, trains, and directly supervises all assigned subordinate staff.
  • Evaluates employee performance, counsels, and disciplines as necessary.
  • Maintains awareness and knowledge of current changes within legal, regulatory, and technological environments which may affect operations.
  • Ensures senior management and staff are informed of any changes in a timely manner.
  • Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
  • Promotes an environment that fosters inclusive relationships and creates unbiased opportunities for contributions through ideas, words, and actions.
  • Recommends departmental goals and objectives (e.g., workforce planning, compensation).
  • Reassesses or redefines priorities as appropriate to achieve performance objectives.
  • Performs other related duties as assigned or requested.
  • Other duties as assigned.

Competencies, Skills, and Qualifications

  • Bachelor's degree or combined experience/education as a substitute for minimum education
  • 7 years of directly related experience
  • Extensive experience in information security management and knowledge of internet security and networking protocols.
  • Two years' experience leading a vulnerability management program, with the ability to prioritize projects and deliverables.
  • Demonstrated understanding of vulnerability management and security testing practices and methodologies.
  • Thorough knowledge of cloud computing and security issues related to cloud environments.
  • Ability to evaluate business risks and recommend appropriate information security measures.
  • Proven understanding of common vulnerability frameworks (e.g., CVSS, OWASP Top 10).
  • Ability to quickly adapt as the external environment and organization evolves.
  • Understanding of system, application, and database-hardening techniques and practices.
  • Ability to interact effectively at all levels of an organization and across diverse cultural and linguistic barriers.
  • Project management experience.
  • Excellent written and oral communication skills.

Preferred Qualifications:

  • Master's degree in related field
  • 10 years of directly related experience as a Vulnerability Management Manager or similar role
  • Experienced in presenting to large groups with confidence and polished presentation skills.
  • Working toward or has CISSP, CISSP-ISSMP, CISM, and/or CRISC certifications.
  • Experience in penetration testing

 

BCS365 is an Equal Opportunity Employer. We consider applicants for all positions without discrimination based on race, color, religion, creed, gender, national origin, sexual orientation, age, marital or veteran status, disability, or any other legally protected status.

Please Note: BCS365 participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.


Location

Rockland, MA 02370
