Vulnerability Program Manager

Formal Job Description:

This position is responsible for building and managing the Vulnerability Management Program including data analysis, reporting, metrics, governance, process improvement, remediation prioritization, validation, and risk management. This position is a direct report to the Executive Director of Technology Risk Management in the Information Security Team.

• Coordinate work with technical support teams, application owners, business owners, and vendors who are required to address vulnerability management requirements.
• Leverage vulnerability and asset discovery tools to deliver reporting and metrics
• Conduct data analysis and research to validate business owner, application owner and technical support for systems requiring vulnerability remediation.
• Serves as a subject matter expert for vulnerability management.
• Prioritize actions with technical support teams to meet changing risk and business needs.
• Keeps informed of vulnerability risks and technology advances to inform innovation in best practices for vulnerability management.

Why this position is open/project/Skillset requirements:

• Dedicated to building vulnerability process for people and tech
• Establishing people process of a vuln management program
• Perform evaluation and drive incremental changes to all aspects of people process and technology
• Figure out why we aren't evaluating vulnerability quick enough
• Needs to have more end-to-end expertise and solve real world problems
• Understand tech issues, "data junkie" and drive programs and be a senior leader to push program forward
• Work with various teams
• Vulnerability is a big risk, majority of incidents is a result of vuln problem
• Currently patching but need someone to drive real change
• Vulnerability tools: Tenable, Armis, Wiz, Vallum, CrowdStrike

Day to Day responsibilities:

• Work with IT teams to identify vuln and come up with solutions (instead of patching) then translate those solutions to stakeholders and upper-level leadership

Industry Exp:

• Healthcare exp required

Job Responsibilities:

• Vulnerability Remediation Coordination & Risk Management
• Primary point of contact for vulnerability management and related queries and escalations
• Works with stakeholders to govern and enforce Vulnerability Management process, inclusive of identifying, specifying and analyzing vulnerability closure, report status and managing progress throughout the lifecycle of a vulnerability.
• Develops status updates, evaluates SLA adherence and formulates plans, schedules and escalation channels, to meet or exceed SLA targets.
• Collaborate with technical and business teams to assess risks related to open vulnerabilities and implement mitigation strategies.
• Coordinates vulnerability management lifecycle, including risk acceptance process for residual vulnerabilities / risk items.
• Identifies and negotiates schedules, milestones and resources required to meet objectives, primarily through coordinating the activities with other IT departments and Vendors (e.g., database, telecommunications, operations, technical support, etc.)
• Escalates unresolved vulnerabilities in a timely manner and closes any backlogs
• Process Improvement and Management
• Design and build processes for governance of IT vulnerability management, risk management, and compliance.
• Utilize domain specific knowledge to work with different IT teams to: identify, specify and analyze SLA requirements and processes, and monitors progress throughout the vulnerability lifecycle and closure process.
• Identifies process gaps and recommends improvements to enhance efficiency and reduce operational risk
• Reporting and Metrics Management
• Align vulnerability reporting and metrics to IT Owners, Business Owners, Applications Owners and Risk Portfolios
• Define, track, and manage key performance indicators (KPI) for IT business areas, including IT service management, Vulnerability management, Application Management, Infrastructure Management etc.
• Produce reports and dashboards on Vulnerability Management, SLA Adherence, and IT operational metrics to senior leadership team.

Job Specific Qualifications

• Bachelors degree in Computer Science and/or 10+ more years of relevant work experience
• Demonstrated leadership capabilities through projects or other work planning experiences
• Understanding of and experience in IT project management methodologies, requirements management, quality assurance and IT processes
• Requires broad knowledge of the business area's functions and applications, and of system and technology alternatives
• Experience working with Cybersecurity, System Administrators, Application System Owners
• Strong understanding of Vulnerability Management processes, best practices and risk assessment methodologies, security risk remediation & reporting
• Demonstrated experience with Vulnerability Management tools and analytic tools to automate performance reporting, and KPI management
• Prior experience in IT governance, risk and/or compliance field
• Strong analytical ability to translate insights into actionable recommendations
• Strong verbal and written communication skills
• Ability to foster working relationships with the team, IT Management, Business Partners, Clinical teams, and vendor teams
• Good understanding of technology platforms and ability to explain technical ask
• Ability to measure process performance and identify constraints, or any other escalation requirements
• Working knowledge of specific technology area including business process configuration and execution for assigned domains

Impellam Group and its brands are equal-opportunity employers committed to diversity and inclusion. All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, pregnancy or maternity, national origin, age, disability, veteran status, or any other factor determined to be unlawful under applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application, interview process, pre-employment activity, and the performance of crucial job functions.

If you require additional disability considerations, modifications, or adjustments please let us know by contacting HR-InfoImpellamNA@impellam.com or fill out this form to request accommodations.