Vulnerability Management Lead needed. My client, a leading financial services company, is in need of a Vulnerability Management Lead to start ASAP on a 12-month contract in London. The role will start as a remote contract.
The role involves leading and being accountable for the end-to-end vulnerability management (VM) service. The vulnerability management service helps defend the company and its clients by ensuring scans of information assets are performed and proactively managing vulnerabilities in conjunction with enterprise-wide and Technology engineering teams, in alignment with risk objectives.
The Vulnerability Management Lead will:
* Develop the service, using automation, digitisation, security by design and a customer-focused approach as appropriate, and formulate a service strategy for VM within the agreed budget;
* Understand the dependencies & work collaboratively with aligned services & departments such as Data Privacy, Technology, Risk & Legal to provide a consistent and reliable service & approach;
* Maintain good relationships with customer groups and ensure customer satisfaction, by monitoring quality & escalating issues as necessary;
* Take accountability for the VM service and oversee the delivery and quality of the service by your team, other teams and third parties;
* Lead and manage a team of high-performing professionals in delivering a vulnerability management service;
* Provide opportunities and training to develop the skills needed to meet the future needs of the service;
* Be accountable for performing technical risk assessments on vulnerabilities and recommending remediation prioritisation or approving exceptions if necessary;
* Be accountable for working with various internal and external sources to review threat intelligence and vulnerability alerts, assess impact of vulnerabilities in conjunction with Technology and then prioritise actions based on the vulnerability assessment through a risk-based approach to meet objectives;
* Be accountable for a team of specialists who provide subject matter expertise, such as recommending remediation strategies and providing advice on complex configuration changes in support of vulnerability remediation;
* Be accountable for ensuring service documentation, such as process guides, is maintained and kept up to date;
* Be accountable for lifecycle ownership of in-scope technology that supports the vulnerability management service;
* Be responsible for providing reporting to leadership and other service stakeholders on service performance (against KPIs) and vulnerability risk exposure (against KRIs);
* Be responsible for inputting to and reviewing information security policy and standards related to vulnerability management;
* Be responsible for attending and supporting internal and external audits from a vulnerability management service perspective;
* Be responsible for building and maintaining strong relationships with key stakeholders, such as Information Security leadership, CTOs, Technology Operations, business service owners and any 3rd parties;
* Provide advice to senior leadership on ways to improve control mechanisms, identify, evaluate, and mitigate risks;
* Work towards and achieve or extend professional certifications as part of personal development;
* Share experiences with others to assist their learning and understanding.