
Vulnerability Management Principal

Role Summary

The role of Vulnerability Management is to triage vulnerabilities by their relevance and criticality to the organisation. Vulnerability Management then identifies mitigations for those vulnerabilities and advises on implementing them.

Role Expectations

Typically, this role level may include the following responsibilities:

  • Lead the analysis of complex information systems to understand and prioritise actions on cyber security risks, audit requirements and data value, and provide specialist or complex guidance to vulnerability management teams and external senior stakeholders
  • Lead the development and implementation of multiple vulnerability assessments and enterprise-wide scanning strategies across multiple complex environments, while leading in prioritising those vulnerabilities through a risk-based approach
  • Lead the triage of vulnerabilities, ensuring mitigation measures are implemented, and oversee the life cycle of vulnerability management for a set of assets, providing tailored specialist or complex advice on ways to improve control mechanisms and mitigate risks
  • Lead senior stakeholder engagement across government to create strategic plans for managing vulnerabilities and remediation activities
  • Create organisational principles and vision that will provide the basis for triaging vulnerabilities
  • Provide advice to senior leadership on ways to improve control mechanisms and to identify, evaluate and mitigate risks
  • Develop bespoke templates and test scripts to meet uncommon or complex organisational objectives
  • Set the organisation’s vulnerability management strategy including people, process and technology elements
  • Ensure organisation-specific vulnerability management policies, procedures and guidelines are aligned with organisational objectives and risk appetite
  • Set direction and approve investment in strategic tooling and capability to address strategic enterprise-wide risk

Entry route and progression

Internal

Suitable for an individual from the Government Security Profession, Digital, Data and Technology Profession, or Analytics Profession.

External

Suitable for an individual who has worked in penetration testing, application security and development security operations in the private sector.
