Vulnerability Remediation Lead

Job Expectations:

• Employment Type: Full-Time; Permanent (Direct Hire)
• Budget: Php 220,000 - Php 280,000
• Work Setup & Location: Hybrid - BGC, Taguig
• Work Schedule: Mondays - Fridays, rotating shift
• Industry: Insurance

Job Description:

As the Vulnerability Management Lead, the candidate should be knowledgeable about supporting the vulnerability management lifecycle (from detection to closure), keeping a risk-based approach throughout. The best candidate will have a security-by-design mindset and understand the importance of building relationships with the wider technology functions to convince them to remediate the identified vulnerabilities and reduce cyber risks to the company.

You will work closely with the Application/Control owners, track remediation progress, and publish metrics to senior management highlighting the vulnerabilities that have not been remediated promptly.

• Execute vulnerability management (VM) processes, guidelines, standards, and metrics.
• Lead the vulnerability management program, including vulnerability scanning, assessment, and remediation.
• Identify and access security vulnerabilities across applications, systems, networks, and Infrastructure through regular scanning and assessments.
• Convincing control owners to remediate/mitigate the vulnerabilities, ensuring it is not impacting the business.
• Collaborate with cross-functional teams to identify and prioritize vulnerabilities based on their severity and potential impact.
• Provide technical expertise and guidance on vulnerability management best practices.
• Collaborate with system administrators, developers, and other relevant stakeholders to ensure secure software development practices.
• Build and expand internal relationships with key groups and stakeholders, creating efficiencies for any dependencies.
• Consult teams to resolve issues that are uncovered by various internal and third-party monitoring tools.
• Investigate and validate reported vulnerabilities from internal and external sources.
• Generate reports and metrics for management on vulnerability assessment findings, progress, and trends.
• Monitor and stay up to date with Industry trends and the latest vulnerabilities and threats
• Apply a structured methodology and lead change management initiatives to create a strategy to support the adoption of the changes required by a project or initiative.
• Effective implementation of all the projects assigned and take complete ownership of the deliverables.
• Other managerial activities that help team and group objectives

Qualifications:

• Bachelor's Degree in Computer Science, Information Technology, or a related field.
• 10+ years of relevant work experience, with at least 3 years in a leadership role.
• Expertise in working with Vulnerability Management/Threat Intelligence tools such as Qualysguard, Tenable, Nessus, Wiz, Symantec, etc.
• Strong knowledge of Operating Systems (Windows, Linux) and Cloud environments.
• Familiarity with ISO 27001, NIST, and other guidelines on information security controls.
• Ability to apply a risk-based approach while working on assigned responsibilities.
• Stays abreast of emerging trends, regulatory changes, and evolving threats in the security and compliance landscape, advising the organization on potential impacts and necessary actions.
• Ability to communicate effectively with all business levels internally and externally.
• Capable of communicating security-related concepts to a broad range of technical and non-technical individuals as well as understanding new technologies quickly.
• Ability to manage projects working with a diverse group of individuals across multiple geographies.
• Certifications in one or more of the following is a plus: Certified Information Security Auditor (CISA), Certified Information Systems Security, Professional (CISSP), or Certified Information Security Manager (CISM)