Vulnerability Management Manager

The Systems Manager, Vulnerability Management leads the Vulnerability Management team and drives measurable risk reduction across systems, Cloud, applications and operational technology (OT) and reports to the Director, Cybersecurity Operations while partnering closely with engineering, platform, operations, application security, cloud teams, and OT stakeholders to strengthen cloud security work tied to resource misconfigurations, advance application security through shift left and runtime security and build OT security vulnerability management capability from scratch by defining scope, intake, prioritization, remediation paths and verification, while ensuring rapid and well-coordinated response to emerging critical vulnerabilities and risks such as secrets leakage.

This role will modernize the vulnerability management program towards Continuous Threat Exposure Management (CTEM), by connecting vulnerabilities to real exposure and threat context and tracking outcomes that reflect risk reduction over time. Stakeholder management is a core responsibility, including socializing new programs, desired outcomes and operating models with engineering, platform, operations and security leadership and aligning ownership and expectations so remediation becomes predictable and measurable. You will also train and develop a team of about 9 by building repeatable operating routines, improving escalation and incident coordination, and creating skills roadmap across cloud security, application security, vulnerability workflows, runtime protection, and OT fundamentals, and you will help futureproof the capability by recruiting, onboarding, and developing additional vulnerability management talent as the program grows. In addition, the Systems Manager will participate in industry working groups and forums to collaborate with peers on CTEM and vulnerability management programs and processes.

• Manage a team of about 9, coach performance and continuously build capabilities through hiring, skills plans and targeted training.
• Provide clear updates to leadership and partner teams, including project status, emerging issues and remediation progress for high severity items.
• Evolve beyond vulnerability patching by connecting vulnerabilities to exposure and threat context.
• Lead end to end intake, triage, prioritization and remediation coordination for system wide vulnerabilities.
• Identify and drive automation opportunities across scan orchestration, remediation ticketing, SLA tracking, and CI/CD pipeline integration to reduce manual effort and improve response time.
• Lead end-to-end tracking, risk assessment, and escalation for emerging critical vulnerabilities, including managing risk exceptions, proposing and documenting compensating controls and maintaining clear status updates.
• Partner with Cloud, platform and engineering stakeholders to reduce cloud risk misconfigurations. Triage findings by business impact, exploitability and exposure.
• Work with Application and Engineering Teams to prevent vulnerable code and insecure configurations earlier in the lifecycle. Ensure findings are triaged correctly, assigned owners, and tracked to SLA for remediation, with escalation when remediation is at risk.
• Drive effective Web Application Firewall operations, including rule tuning, validation and quality improvements.
• Coordinate response to runtime risks and findings discovered during execution.
• Stand up OT intake, scope, asset coverage, remediation paths and verification.
• Train internal partners on how OT findings are prioritized and handled.