Vulnerability & Compliance Lead

We are seeking a Vulnerability & Compliance Lead who will be responsible for tracking and managing the identification, assessment, and remediation of security vulnerabilities across the organization's infrastructure and endpoints. The role also includes monitoring and reporting on vulnerability and other security compliance status. You will collaborate with various teams to ensure that security patches and updates are applied promptly and effectively, maintaining a strong security posture and ensuring compliance with industry standards.

Key Responsibilities:

• Subject Matter Expert: Provide expert guidance and support in vulnerability remediation, ensuring effective processes for identifying and addressing vulnerabilities.
• Prioritization: Assess vulnerability severity, exploitability, and business impact to establish remediation priorities.
• Strategic Planning: Develop strategies to mitigate vulnerabilities through patching, updating configurations, and implementing software updates.
• Collaboration: Coordinate with vendor support, security teams, and application teams to address and remediate vulnerabilities.
• Monitoring and Reporting: Track and report vulnerability status and security compliance.
• Continuous Improvement: Regularly evaluate data and processes, recommending improvements where necessary.
• Compliance: Ensure that the organization complies with relevant security standards and regulations.
• Exception Management: Identify and document instances where security patches or configuration controls cannot be immediately implemented due to technical or business reasons.
• Risk Assessment: Evaluate potential risks when granting security exceptions, considering both immediate needs and long-term implications.
• Exception Renewal: Periodically review active exceptions, determining if they are still necessary, and request extensions or revocation when appropriate.

Technical Skills:

• Proficiency with IT tools such as ServiceNow, Azure DevOps, Qualys, Absolute, and CrowdStrike.
• Experience with vulnerability assessment and remediation tools.
• Strong understanding of cybersecurity concepts, including secure configuration management, data protection, incident response, and patch management.
• Knowledge of risk analysis, vulnerability assessment methodologies, and security baselines.
• Expertise in operating systems, secure configuration, and build images.
• Experience with automation and scripting (e.g., Python, PowerShell).
• Solid knowledge of networking, firewalls, VPNs, cloud platforms, and security measures.

Soft Skills:

• Strong analytical and problem-solving abilities.
• Effective written and verbal communication skills.
• Detail-oriented with the ability to work in cross-functional teams.
• Ability to adapt to changing security landscapes and emerging threats.
• Capable of communicating complex technical concepts to various audiences with different levels of understanding.

Qualifications:

• Education: Bachelor's degree in Computer Science, Information Technology, or a related field.
• Experience: At least 3 years in vulnerability management or a related field, with leadership experience preferred.
• Certifications: Security+, Certified in Cybersecurity, or similar certifications are desirable.