
Vulnerability Management Lead

Role Summary

The role of Vulnerability Management is to triage vulnerabilities by their relevance and criticality to the organisation. Vulnerability Management then identifies mitigations for those vulnerabilities and advises on implementing them.

Role Expectations

Typically, this role level may include the following responsibilities:

  • Manage complex information systems to understand and prioritise actions on Cyber Security risks, audit requirements and data value, and provide guidance to vulnerability management team members
  • Manage the creation and implementation of, and lead the development of, vulnerability assessments for IT estates, including but not limited to application vulnerability assessments and infrastructure vulnerability assessments
  • Drive prioritisation of those vulnerabilities through a risk-based approach, to meet common organisational objectives such as regulatory compliance and audit functions
  • Manage the triage of vulnerabilities, ensuring mitigation measures are implemented, and managing the life cycle of vulnerability management for a set of assets, providing tailored advice on ways to improve control mechanisms and mitigate risks
  • Recommend remediation strategies and provide advice on complex configuration changes in support of vulnerability remediation
  • Proactively identify and leverage threat intelligence sources to inform strategic vulnerability mitigation measures
  • Manage collaboration with stakeholders to create tactical plans relating to managing vulnerabilities, and oversee subsequent activities
  • Demonstrate developed knowledge and understanding of approaches and tooling for performing vulnerability assessment against large and complex infrastructure
  • Validate system configuration across multiple and complex interlinking systems
  • Translate vulnerability management standards and best practice into organisation-specific policies, procedures and guidelines and champion standards and best practice outside security functions
  • Explain the need for effective vulnerability management processes and the implications of poor performance
  • Lead the development and implementation of effective vulnerability management programmes across the enterprise to meet organisational, regulatory and compliance requirements
  • Develop vulnerability assessment templates and test scripts to meet common organisational objectives such as regulatory compliance and internal audit functions

Entry route and progression

Internal

Suitable for an individual from the Government Security Profession, Digital, Data and Technology Profession, or Analytics Profession.

External

Suitable for an individual who has worked in penetration testing, application security and development security operations in the private sector.
