Manager, Enterprise Vulnerability Management
Location: Remote - US | Remote
About the Role
The Manager, Enterprise Vulnerability Management is responsible for the strategy, design, implementation, and continuous improvement of the enterprise-wide vulnerability management program. This role drives risk-based prioritization, remediation, and maturity of vulnerability processes across cloud, on-premises, containers, applications, endpoints, and infrastructure. This leader will manage a team of analysts and partner with security engineering, product, and leadership teams to reduce organizational risk from vulnerabilities while enabling secure and reliable operations.
Your Role Responsibilities? Here's what you'll do.
- Define, evolve, and execute the team-level and program execution strategy for enterprise vulnerability management aligned with business objectives (e.g., SOC 2, ISO 27001, NIST), including metrics, dashboards, and continuous improvement initiatives.
- Oversee the end-to-end vulnerability management lifecycle including discovery, assessment, risk-based prioritization, remediation/mitigation, and verification using frameworks that combine technical severity with business impact.
- Partner with engineering, IT, AppSec, and cloud teams to triage vulnerabilities from scanners, penetration tests, and bug bounties — removing blockers and ensuring accountability for remediation.
- Build, document, and optimize processes for asset management, scanning, reporting, and tracking while identifying and driving automation opportunities to scale the program.
- Provide executive-level reporting on program effectiveness, risk posture, trends, and key metrics, ensuring alignment with internal policies, industry standards, and audit requirements.
- Lead, develop, and mentor a team of vulnerability management analysts, fostering accountability, personal growth, and a culture of continuous improvement.
Role Essentials
- Bachelor's degree in computer science, information security, or equivalent experience, with 8+ years in information security and at least 3 years focused on vulnerability management
- Proven track record building, scaling, or leading a vulnerability management program in a large, complex environment (multi-cloud, global, or high-scale tech/SaaS preferred)
- Deep knowledge of vulnerability management tools and strong understanding of asset discovery, scanning methodologies, cloud security (AWS, Azure, GCP), containers, and modern infrastructure
- Knowledge of relevant frameworks: NIST, FedRAMP, CIS, OWASP, ISO 27001
- Excellent program management, leadership, and communication skills with the ability to drive complex cross-functional initiatives with measurable outcomes
- Willingness to travel up to 5% as required
What We'd Like to See
- Relevant certifications: CISSP, CISM, CRISC, GIAC, CCSP, or vendor-specific
- Experience with automation/scripting and integration with DevOps pipelines (e.g., CI/CD, ticketing systems, or orchestration tools)
- Demonstrated fiscal responsibility and accountability in managing budgets
- Superior ability to coach, mentor, and develop team members and identify future leaders
- Strong business and technology acumen with the ability to engage and present effectively at the executive level
Pay Transparency
The salary range for this role is $153,000 – $172,000. The listed salary range represents a good faith estimate at the time of posting. The listed range may be adjusted in the future based on business needs. Actual compensation will be based on job-related factors including, but not limited to, qualifications, skills, and experience.