Head of Vulnerability & Threat Management (IT Security)

Job Category: Information Tech

Job Level: Managerial

Open Date: 12-Oct-2021

Location: TAGUIG CITY

Close date: 11-Nov-2021

Client Industry: FINTECH

Job Description and Qualification:

The Vulnerability & Threat Management (VTM) Program is a critical role within the Information Security Group, as it enables overall oversight and governance of the security state across all important assets (information, technology, and applications). The VTM Manager will lead a team of Information Security/Risk Management professionals to develop, implement, and execute industry-leading vulnerability & threat management services, vulnerability remediation, and patch management oversight across the enterprise.

ROLES AND RESPONSIBILITIES
Provide team direction and establish individual goals and objectives. Coach and mentor staff and ensure their performance goals are met.
Develop, implement, and execute industry-leading vulnerability & threat management services, vulnerability remediation, and patch management oversight across the enterprise.
Drive risk-based vulnerability prioritization, reporting, and development of remediation steps
Deliver workshop processes and runbooks for vulnerability identification, analysis, remediation, and reporting
Manage planning and execution of corporate vulnerability assessments and penetration testing engagements
Analyze threat and vulnerability feeds and analyze data for applicability in the environment
Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
Executive-level reporting and management of a threat database
Work with Risk Management teams to escalate risk and create mitigation plans
Report on the state of system security, threat, vulnerability, and patch management for all stakeholders.


SKILLS, QUALIFICATIONS AND COMPETENCIES
BS/BA in ICT, Computer Science or related field or equivalent work experience.
5+ years work experience in Information Security, Network Security, IT Security, Cybersecurity, IT Risk Management, or related roles.
Must have experience in managing a small to midsize team. Demonstrable people leadership skills.
Must have technical expertise in Application and Infrastructure Security
Excellent reporting and data analysis skills
Excellent verbal communication, technical writing, and project management skills.
Knowledgeable in OWASP vulnerabilities and methodology, CIS Benchmark, and NIST
Experience with tools like Burp Suite, AppSpider, and other Vulnerability Scanners.
Recognized industry certifications such as CISSP, CEH, or Security+ are a major plus.
Experience with PCI DSS and ISO 27001 is a plus.