VP Cybersecurity - Application Security, Vulnerability Management, and CTI

Title: VP, Vulnerability Management

Reports: A-EVP, Head of Cybersecurity of Operations

Type: FTE

Salary: $160-$170k/year

Mode/Location : Raleigh, NC Hybrid preferred

As a Cyber Security Manager, you will be responsible for strategically planning, leading, and tactically supporting the Cyber Threat Intelligence and Vulnerability Management program. As a self-driven leader, you will develop and direct a team of cyber security analysts to perform risk-based analysis of vulnerability data and the threat landscape to prioritize remediation efforts and mature the overall program. This leadership position requires strong verbal and written communication, strategic collaboration skills, demonstrated ability to develop and mature team and technical capabilities, and strong partnerships with cross functional teams. Strong candidates must have extensive experience across the entire vulnerability management lifecycle and a solid foundation to Cyber Threat Intelligence. Risk-based reporting both in Vulnerability Management and Threat Intelligence will be critical to this candidates' success.

This role will report to the A-EVP of Cyber Security Operations in the NCSECU Information Security Group.

DIMENSIONS

• Accountable for the development and implementation of the holistic Vulnerability Management program

• Devise, implement, and monitor vulnerability response processes to remediate critical and zero-day vulnerabilities efficiently.

• Maintain partnerships with stakeholders and drive end-to-end vulnerability remediation.

• Collaborate with partner teams in establishing scalable processes for vulnerability and asset prioritization based on known risk and threat data.

• Create, and automate workflows that enable vulnerability and systems management at scale.

• Manage the security vulnerabilities and risks across the NCSECU enterprise, including identifying and supporting application/system owners to manage threats and remediate vulnerabilities.

• Create and execute escalation procedures when vulnerability remediation expectations are not met.

• Set up and maintain procedures ensuring relevant vulnerability management KPIs and metrics are shared with relevant stakeholders.

• Oversee activities of a team of Vulnerability Management analysts, including vulnerability scanning, web and application vulnerability management, attack surface management, and remediation.

• Work with vendors to optimize NCSECU's investment in vulnerability management tools.

• Contribute to the systems hardening efforts at NCSECU by providing security best practices recommendations.

• Design and implement metrics to present to senior management in support of KPIs

• Accountable for the continued maturity and development of the holistic Cyber Threat Intelligence program

• Manage the Cyber Threat Intelligence program including senior level reporting of CTI to senior leaders.

• Coordinate with peer managers to harden and validate security controls based on CTI

• Responsible for the performance management of team members, including disciplinary actions and hire/fire recommendations

• Responsible for talent development, including quarterly conversations, career pathways conversations, and individual development/growth plans

ESSENTIAL BUSINESS EXPERIENCE AND TECHNICAL SKILLS

• Leadership, teamwork, collaboration, self-driven and effective communication skills - both written and verbal.

• 3-5+ years of experience in Cyber Security Management and People Management.

• 3-5+ years required of combined IT and security work experience with broad exposure to Cyber Threat Intelligence and Vulnerability Management.

• Expertise in vulnerability management, bringing assertive expert leadership and guidance to teams in patching and vulnerability remediation.

• Experience with vulnerability scanning and reporting solutions including Qualys, Tenable, Tenable Lumin, Splunk, etc.

• Experience with various Cyber Threat Intelligence service providers and capabilities

• Extensive knowledge of computer security architectures and protocols, including firewalls, DMZs, remote access, networking, operating systems, and web applications.

• Understanding of Application Security including Application development and analysis

• Strong written and verbal communication skills with the ability to effectively relate security-related concepts to a broad range of technical and non-technical staff.

• Prioritize and implement tasks for self and team members.

• Working knowledge of various industry security standards and frameworks including: NIST, ISO 27001, ISF Standard of Good Practice (SoGP), etc. PREFERRED:

• Bachelor's degree in Computer Science, Information Systems or at least 5yrs of experience in related field.

• Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.

• Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, OSCE, or other relevant industry certification and/or desire to obtain such certifications.

• Experience supporting or leading Cyber Threat Intelligence, Vulnerability Management, Application Security for large financial institutions including a national or global environment extending across multiple countries and time zones.

• Experience working within DevOps and Agile environment.

ManpowerGroup is committed to providing equal employment opportunities in a professional, high quality work environment. It is the policy of ManpowerGroup and all of its subsidiaries to recruit, train, promote, transfer, pay and take all employment actions without regard to an employee's race, color, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, religion, age, disability, protected veteran status, or any other basis protected by applicable law.