Vulnerability Management Manager
ION Group
The Role:
The Vulnerability Management Manager is a global role within ION’s central services division and will support the Group Security strategy and operational excellence through the identification, mitigation and remediation of information security vulnerabilities, misconfigurations and risks to the business. This role reports to the Global Head of IT Security, who reports to the Group Chief Information Security Officer (CISO)
As a member of the ION Security team, you will build and lead a team of Security professionals specialising in Vulnerability Management along with managing the partners and technology vendor deliverables and of course building and owning the strategy to deliver a world class Vulnerability Management program. The candidate must understand their role in the broader vulnerability management program and your team will regularly perform discovery scanning, risk/exposure assessments, mitigation support activities, continuous validation assessments, and lessons learned workshops and improvement projects to continuously improve our process across Group Security and all other Verticals.
We are looking for a diligent, dedicated, creative and motivated individual. Excellent communication skills are a must, and the role holder will be expected to cultivate working relationships with other teams and colleagues of varying technical ability. The role would suit a technically strong candidate with an extensive cybersecurity background, at least 10+ years working in a security role, with focus on Vulnerability Management. Key Responsibilities:This role may require work-out of hours in support of 24x7 globally coordinated operationThe primary responsibilities of this role are to:
Personnel ManagementEnsure team members have clear objectives/development plansAlign Teams’ objectives to OKRsBe the escalation point for security Tooling issues and critical security breachesResponsible for team development, upskilling & mentoring
Protect and defend:Manage Vulnerability Management tooling to ensure coverage/availability/efficacyDrive improvements and feature enhancement to ensure ROI
Operate and maintain:Configure, tune, maintain & operate key vulnerability management controlsManagement reporting – real-time metrics and scheduled reportsDrive process/procedure changes accordinglyEnsure quality of ticketing & runbook maintenance Cultivate and maintain strong vendor relationships Have an attitude of continuous improvement Participate in CAB, Tool review or Architecture Review Boards (ARBs)
As a member of the ION IT Security Team, it is expected that the person in this role will:Execute ongoing, operational business-as-usual (BAU) tasks to meet management-defined KPIs and SLAs, and deliver security projects in line with management-defined priorities and deadlinesStay current with the latest security news, threats, intelligence, tactics, techniques, and vulnerabilities. Research and analyze new threats and vulnerabilities to determine exposure.Assist and/or lead efforts to isolate, contain, respond to, and recover from security incidents Identify, review, prioritize, plan, coordinate, and follow-up on the remediation of vulnerabilitiesDefine, document, and follow approved processes for all the responsibilities included in this job description. Create and maintain documentation for systems, including design and operationReview vulnerability management systems, configurations, and processes to ensure and report on compliance with ION policy, client requirements, audit controls, regulations, and industry best practices. Provide best practice security recommendations to IT and other teams within ION, based on review resultsExperience, Skills and Qualifications:Degree/diploma/certifications in a technology-related field and/or relevant working experience; highly desired certifications include:Security+, CCSP, CEH, GCIH, GMON, CASP, or CISSP10 years’ experience in Vulnerability Management within large organizations with at least 5 years in a senior leadership roleExcellent track record of building and leading a Vulnerability Management program on a global scale with knowledge on vulnerability assessments, remediation and mitigation activitiesTechnical Security/Engineering/Compliance background with a track record of building and running global teamsPrevious track record of build risk management framework and applying to an existing vulnerability management programStrong technical expertise in implementing a Prioritization formula to vulnerabilities and misconfigurations and translating these into risksExcellent knowledge of Vulnerability Management frameworks such as NIST/SANS
The following general characteristics are required:
A team player with the ability to work independently and unsupervised Ability to own delegated tasks and see them through to completionAbility to manage time and prioritize work to maximize productivityExcellent reporting and presentation skills are essential for this roleExcellent communication skills (both written and verbal)Exceptional attention to detail and qualityExcellent problem-solving techniques and trouble analysis skillsExperience in design and publishing Security Standards & PoliciesExperienced in leading Purple TeamingExperienced in running global Bug Bounty/VDP programsExperienced in leading Pen Testing, from scope, schedule, findings, remediation and risk registration and running the Pen Test program for Group Security as well as all other Verticals
The candidate should have a good knowledge of:
Vulnerability Management concepts, controls, and best practices for all Operating systems & asset types, (e.g. workstations, endpoints, mobile, servers either Windows/Linux, cloud instances, etc.)Vulnerability Management tools (Tenable/Rapid7/Qualys)Cloud Security compliance (IaaS, PaaS, SaaS) and misconfigurationsMulti-platform endpoints, infrastructure and XaaS vulnerability management deploymentsGeneral IT networking concepts, protocols, standards and network security concepts, controls, and best practicesForensic investigation techniques
Prior experience deploying, configuring, managing, and/or operating security technologies is preferred, such as endpoint security (e.g. AV/EPP/EDR), SIEM, DLP, SWG, CASB, UEBA, IDS, IPS, firewalls, IAM/PIM/PAM, Vulnerability Management, MDM, etc.Excellent track record of Senior Leadership and Board level interaction, reporting and communicationsExperience in InfoSec program management, project support and large-scale changeProven knowledge of compliance, regulatory practices and experience managing auditsAbout us:
We’re a diverse group of visionary innovators who provide trading and workflow automation software, high-value analytics, and strategic consulting to corporations, central banks, financial institutions, and governments. Founded in 1999, we’ve achieved tremendous growth by bringing together some of the best and most successful financial technology companies in the world.
• Over 2,000 of the world’s leading corporations, including 50% of the Fortune 500 and 30% of the world’s central banks, trust ION solutions to manage their cash, in-house banking, commodity supply chain, trading and risk.
• Over 800 of the world’s leading banks and broker-dealers use our electronic trading platforms to operate the world’s financial market infrastructure.
ION is a rapidly expanding and dynamic group with 13,000 employees and offices in more than 40 cities around the globe. Our ever-expanding global footprint, cutting edge products, and over 40,000 customers worldwide provide an unparalleled career experience for those who share our vision.
ION is committed to maintaining a supportive and inclusive environment for people with diverse backgrounds and experiences. We respect the varied identities, abilities, cultures, and traditions of the individuals who comprise our organization and recognize the value that different backgrounds and points of view bring to our business.ION adheres to an equal employment opportunity policy that prohibits discriminatory practices or harassment against applicants or employees based on any legally impermissible factor.
The Vulnerability Management Manager is a global role within ION’s central services division and will support the Group Security strategy and operational excellence through the identification, mitigation and remediation of information security vulnerabilities, misconfigurations and risks to the business. This role reports to the Global Head of IT Security, who reports to the Group Chief Information Security Officer (CISO)
As a member of the ION Security team, you will build and lead a team of Security professionals specialising in Vulnerability Management along with managing the partners and technology vendor deliverables and of course building and owning the strategy to deliver a world class Vulnerability Management program. The candidate must understand their role in the broader vulnerability management program and your team will regularly perform discovery scanning, risk/exposure assessments, mitigation support activities, continuous validation assessments, and lessons learned workshops and improvement projects to continuously improve our process across Group Security and all other Verticals.
We are looking for a diligent, dedicated, creative and motivated individual. Excellent communication skills are a must, and the role holder will be expected to cultivate working relationships with other teams and colleagues of varying technical ability. The role would suit a technically strong candidate with an extensive cybersecurity background, at least 10+ years working in a security role, with focus on Vulnerability Management. Key Responsibilities:This role may require work-out of hours in support of 24x7 globally coordinated operationThe primary responsibilities of this role are to:
Personnel ManagementEnsure team members have clear objectives/development plansAlign Teams’ objectives to OKRsBe the escalation point for security Tooling issues and critical security breachesResponsible for team development, upskilling & mentoring
Protect and defend:Manage Vulnerability Management tooling to ensure coverage/availability/efficacyDrive improvements and feature enhancement to ensure ROI
Operate and maintain:Configure, tune, maintain & operate key vulnerability management controlsManagement reporting – real-time metrics and scheduled reportsDrive process/procedure changes accordinglyEnsure quality of ticketing & runbook maintenance Cultivate and maintain strong vendor relationships Have an attitude of continuous improvement Participate in CAB, Tool review or Architecture Review Boards (ARBs)
As a member of the ION IT Security Team, it is expected that the person in this role will:Execute ongoing, operational business-as-usual (BAU) tasks to meet management-defined KPIs and SLAs, and deliver security projects in line with management-defined priorities and deadlinesStay current with the latest security news, threats, intelligence, tactics, techniques, and vulnerabilities. Research and analyze new threats and vulnerabilities to determine exposure.Assist and/or lead efforts to isolate, contain, respond to, and recover from security incidents Identify, review, prioritize, plan, coordinate, and follow-up on the remediation of vulnerabilitiesDefine, document, and follow approved processes for all the responsibilities included in this job description. Create and maintain documentation for systems, including design and operationReview vulnerability management systems, configurations, and processes to ensure and report on compliance with ION policy, client requirements, audit controls, regulations, and industry best practices. Provide best practice security recommendations to IT and other teams within ION, based on review resultsExperience, Skills and Qualifications:Degree/diploma/certifications in a technology-related field and/or relevant working experience; highly desired certifications include:Security+, CCSP, CEH, GCIH, GMON, CASP, or CISSP10 years’ experience in Vulnerability Management within large organizations with at least 5 years in a senior leadership roleExcellent track record of building and leading a Vulnerability Management program on a global scale with knowledge on vulnerability assessments, remediation and mitigation activitiesTechnical Security/Engineering/Compliance background with a track record of building and running global teamsPrevious track record of build risk management framework and applying to an existing vulnerability management programStrong technical expertise in implementing a Prioritization formula to vulnerabilities and misconfigurations and translating these into risksExcellent knowledge of Vulnerability Management frameworks such as NIST/SANS
The following general characteristics are required:
A team player with the ability to work independently and unsupervised Ability to own delegated tasks and see them through to completionAbility to manage time and prioritize work to maximize productivityExcellent reporting and presentation skills are essential for this roleExcellent communication skills (both written and verbal)Exceptional attention to detail and qualityExcellent problem-solving techniques and trouble analysis skillsExperience in design and publishing Security Standards & PoliciesExperienced in leading Purple TeamingExperienced in running global Bug Bounty/VDP programsExperienced in leading Pen Testing, from scope, schedule, findings, remediation and risk registration and running the Pen Test program for Group Security as well as all other Verticals
The candidate should have a good knowledge of:
Vulnerability Management concepts, controls, and best practices for all Operating systems & asset types, (e.g. workstations, endpoints, mobile, servers either Windows/Linux, cloud instances, etc.)Vulnerability Management tools (Tenable/Rapid7/Qualys)Cloud Security compliance (IaaS, PaaS, SaaS) and misconfigurationsMulti-platform endpoints, infrastructure and XaaS vulnerability management deploymentsGeneral IT networking concepts, protocols, standards and network security concepts, controls, and best practicesForensic investigation techniques
Prior experience deploying, configuring, managing, and/or operating security technologies is preferred, such as endpoint security (e.g. AV/EPP/EDR), SIEM, DLP, SWG, CASB, UEBA, IDS, IPS, firewalls, IAM/PIM/PAM, Vulnerability Management, MDM, etc.Excellent track record of Senior Leadership and Board level interaction, reporting and communicationsExperience in InfoSec program management, project support and large-scale changeProven knowledge of compliance, regulatory practices and experience managing auditsAbout us:
We’re a diverse group of visionary innovators who provide trading and workflow automation software, high-value analytics, and strategic consulting to corporations, central banks, financial institutions, and governments. Founded in 1999, we’ve achieved tremendous growth by bringing together some of the best and most successful financial technology companies in the world.
• Over 2,000 of the world’s leading corporations, including 50% of the Fortune 500 and 30% of the world’s central banks, trust ION solutions to manage their cash, in-house banking, commodity supply chain, trading and risk.
• Over 800 of the world’s leading banks and broker-dealers use our electronic trading platforms to operate the world’s financial market infrastructure.
ION is a rapidly expanding and dynamic group with 13,000 employees and offices in more than 40 cities around the globe. Our ever-expanding global footprint, cutting edge products, and over 40,000 customers worldwide provide an unparalleled career experience for those who share our vision.
ION is committed to maintaining a supportive and inclusive environment for people with diverse backgrounds and experiences. We respect the varied identities, abilities, cultures, and traditions of the individuals who comprise our organization and recognize the value that different backgrounds and points of view bring to our business.ION adheres to an equal employment opportunity policy that prohibits discriminatory practices or harassment against applicants or employees based on any legally impermissible factor.
Por favor confirme su dirección de correo electrónico: Send Email