I can succeed as a Vulnerability Management Manager at Capital Group. As a Vulnerability Management Manager, you will lead and develop the Security Operations Vulnerability Management team who proactively identify, analyze, prioritize, track to remediation and report vulnerability risk within CG's technology systems.Responsibilities:
- You will be responsible for the proactive identification, assignment, and remediation accountability of vulnerabilities and misconfigurations on CG technology systems
- You will ensure the consistent assessment of vulnerability risk through application of industry intelligence and knowledge of CG's technology environment
- You will provide vulnerability and/or misconfiguration remediation guidance, risk-awareness, and education to engineering and development teams
- You will regularly report KRIs, identify root causes and drive solutions for improving vulnerability remediation performance with technology leadership
- You will ensure past due vulnerabilities are escalated to leadership and exception processes are executed in alignment with risk acceptance frameworks and policies
- You will mature team processes, tooling and relevant documentation in support of continuous improvement measured through OKRs, KPIs and KRIs
- You will ensure compliance to regulatory expectations and proactively identify needed process changes
- You will provide recommendations that continuously improve risk severity calculations and remediation assignments
- You will establish and maintain KPIs that measure the performance and coverage of vulnerability scanner appliances, schedules, and scopes to ensure accurate, timely and complete scan results
I am the person Capital Group is looking for. In addition to team leadership and direct report development, the ideal candidate will have diverse experiences in a wide variety of Information Technology systems, vulnerabilities, misconfigurations, risk management, data analysis, and influencing organizational change through strong relationship and consulting skills.
- You have 8+ years of experience in managing security risk and driving mitigation activities
- You have a bachelor's degree in computer science, information security or related field (or equivalent work experience)
- You have experience leading and developing a team in a people management role
- You have experience designing and implementing operational processes to ensure delivery and improvement of target KPIs and KRIs
- You are comfortable articulating vulnerability risk and influencing change with a wide variety of audiences
- You have a strong understanding of application and infrastructure vulnerabilities, how they are exploited and mitigated
- You have demonstrated experience in identifying actionable insights from large, complex data sets
- You have a broad understanding of legacy and modern IT infrastructure and application stacks
- You have experience with public cloud infrastructure, common misconfigurations, and recommended architectures (AWS, Azure, GCP)
- You hold security related certifications (CISSP, GIAC, CISA, CISM)
- You hold public cloud provider certifications (AWS, Azure, GCP)
- You have hands on experience with scripting languages such as Python, Powershell
Southern California Base Salary Range: $173,211-$277,138 San Antonio Base Salary Range: $142,394-$227,830New York Base Salary Range: $183,613-$293,781In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.You can learn more about our compensation and benefits here.* Temporary positions in Canada and the United States are excluded from the above mentioned compensation and benefit plans.We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.