Sr Mgr Enterprise Vulnerability Management

Job Summary:

The Senior Manager, Enterprise Vulnerability Management, leads the enterprise vulnerability management function by developing and executing a comprehensive, risk-based strategy to identify, assess, and remediate vulnerabilities across infrastructure, cloud platforms, applications, and third-party services.

This role is responsible for defining program metrics, reporting on performance to executive and board stakeholders, and establishing governance frameworks to ensure consistent, effective vulnerability management practices.

The Senior Manager oversees the end-to-end vulnerability lifecycle, enforces operational standards, drives technical integration with leading security tools, and partners with cross-functional teams to prioritize and resolve security risks.

Additionally, this leader builds and mentors a high-performing team, fosters a culture of security excellence, and serves as a key advisor to IT, engineering, and business stakeholders on vulnerability risk and remediation.

Key Responsibilities:

Program Leadership & Strategy


* Lead the enterprise vulnerability management function, including strategy, execution, continuous improvement, and performance measurement.


* Develop, align, and evangelize a risk-based vulnerability posture strategy that drives timely and effective remediation across infrastructure, cloud workloads, applications, and third-party services.


* Define key performance indicators (KPIs), metrics dashboards, and executive reporting mechanisms to communicate program effectiveness to senior leaders and board stakeholders.

Operational Execution


* Oversee the end-to-end vulnerability management lifecycle: discovery, validation, prioritization, remediation tracking, and verification of closure.


* Establish and enforce standard operating procedures (SOPs), SLA's, and governance models to ensure consistent execution across business units.


* Ensure continuous and automated scanning coverage leveraging industry-leading tools (e.g., CrowdStrike, Tenable, Qualys, Rapid7, Wiz, Tanium, or similar) and integrate with ticketing and IT service management workflows.

Technical Oversight


* Lead vulnerability identification across multi-cloud, hybrid infrastructure, container platforms, and enterprise applications.


* Coordinate vulnerability scanning schedules, threat intelligence integration, and risk scoring methodologies (e.g., CVSS, EPSS, internal risk models) to prioritize remediation based on exploitability and business context.


* Partner with SecOps, engineering, and platform teams to ensure vulnerabilities are resolved effectively, and appropriate compensating controls are in place when necessary.

Stakeholder Collaboration


* Act as a key security advisor to IT, development, risk, compliance, and business owners regarding vulnerability risk exposure and remediation planning.


* Facilitate vulnerability review boards, risk committees, and cross-team governance f...