Vulnerability Manager
Hays
2021-12-04 03:30:03
London City, Greater London, United Kingdom
Job type: fulltime
Job industry: Other
Job description
Great job opportunity available for an experienced Vulnerability and Compliance Manager
Your new company
A global Telecommunications company operating at the forefront of the information age, employing 90,000 people in 180 countries. And we're on a mission. Guided by our core values of Personal, Simple and Brilliant, our goal is to help customers, communities and businesses overcome barriers and release their potential.
Your new role
You will protect the confidentiality, integrity, and availability of information assets by providing a technical vulnerability/compliance environment that gives operational teams accurate, complete and timely notification of vulnerabilities/non-compliances in a manner that supports their remediation/mitigation. Providing visibility of vulnerability compliance monitoring for the complete ecosystem helps ensure that the technical capabilities deployed control the risk they were intended to, and that gaps in compliance can be mitigated. This is particularly the case where vulnerabilities are high risk and being actively exploited.
You'll have the following responsibilities:
Vulnerability Management Benchmarks: Responsible for defining the vulnerability management control standards, benchmarks, and procedure requirements.
Mitigation/Benchmark Compliance: Responsible for working with the security policy, compliance and reporting team, along with technical tools teams, to take security baselines and develop compliance testing criteria in appropriate tools. Maintaining such testing, incorporating an appropriate feedback loop, to ensure effective and accurate reporting.
Vulnerability Management: Managing the Vulnerability Programme, providing coordination of requirements and metrics across the tooling capabilities. Working with CTIO and Delivery Units to understand compliance levels and help drive compliance. Responsible for the management of all vulnerability-related issues, except where these are part of an active security incident managed by the security operations team. Prioritising the technical security vulnerability work stack into the operational teams as appropriate.
Centralised Compliance: Working across Technology to bring together compliance reporting for different technologies as well as solutions not provided as part of the standard tool set. Assuring that non-standard solutions are brought into the overall compliance picture and are also compliant.
Mitigation Orchestration: Working within Technology functions and COMPASS to simplify mitigation and remediation activities to facilitate auto compliance where possible.
Leadership: Provide direct leadership of 4 people and manage the allocation of these as a pool of matrix individuals.
COMPASS: Responsible for the provision of technical vulnerability input into the COMPASS programme, including any required interface into security management tools.
What you'll need to succeed
The ability to effectively articulate the requirement for security tooling and compliance of its outputs aligned to risk within Technology, in order to obtain management and operational team support.
To have a good cross section of security knowledge covering Security principles and Security standards, benchmarks and risk assessment framework, such as ISO27001 and IRAM 2.
To hold Professional membership of a major security body, CIISP, ISC2, ISAC, etc.
As a minimum, to be a Certified Information System Security Professional (CISSP) (or equivalent e.g. CISM). Also, preferable to have Certified Ethical Hacker (CEH) and ISO 27001 Lead Auditor.
Experience of delivering compliance for security environments, specifically vulnerability management and secure configuration. (Mandatory)
Managing huge complex data sets, from a variety of tools, to manage vulnerability mitigation, where this is not possible in existing management tools. (Mandatory)
Working with diverse operational teams to effectively mitigate routine and urgent vulnerabilities. (Mandatory)
Practical experience in one of IT Security, Physical Security, Systems Development, Systems Support/Operation (Mandatory)
Practical experience of defining key control indicators for operational effectiveness of tools (Mandatory)
What you'll get in return
Competitive salary
25 days annual leave (plus bank holidays)
10% on target bonus
Option to join the Healthcare Cash Plan
Pension scheme
Shares Plan
Flexible benefits: cycle to work, childcare vouchers, healthcare, etc.
Discounted products
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career.
Hays Talent Solutions is a trading division of Hays Specialist Recruitment Limited and acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk