: ROLE Lead, Vulnerability Management
QUALIFICATION Bachelor\'s Degree in Computer Science or Information Technology, Master\'s Degree in Computer Science or Information Technology, MBA
EXPERIENCE 5-6 Years
CERTIFICATIONS * Certified Information System Security Profession (CISSP)

• CISCO Certified Network Associate (CCNA)
• Certified Information Security Manager (CISM)
• CompTIA Advance Security Practitioner
• GIAC Certified Enterprise Defender (GCED)
• Global Industrial Cyber Security Professional (GICSP)
• eLearnSecurity Certified Threat Hunting Professional (eCTHP)

PURPOSE Oversees the vulnerability management section within client. Provides direction and guidance to the team to perform vulnerability assessments of systems and networks. Heavily involved in budgeting and management reporting.
SKILLS * Skill to anticipate new security threats.

• Skill to remain aware of evolving technical infrastructures.
• Skill to use critical thinking to analyze organizational patterns and relationships.
• Skill in performing impact/risk assessments.
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Skill in conducting application vulnerability assessments.
• Skill to develop insights about the context of an organization\'s threat environment
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience

JOB DESCRIPTION * Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support cybersecurity goals and objectives and reduce overall organizational risk.

• Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
• Communicate the value of cybersecurity throughout all levels of the organization stakeholders.
• Develop and maintain vulnerability management strategic plans
• Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
• Lead and align cybersecurity priorities with the security strategy.
• Lead and oversee budget, staffing, and contracting with respect to vulnerability management
• Recommend vulnerability management policy and coordinate review and approval.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization\'s vision and goals
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Supervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnel.
• Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets
• Perform an information security risk assessment
• Collaborate with key stakeholders to establish a cybersecurity risk management program
• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities
• Ensure that security improvement actions are evaluated, validated, and implemented as required.
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
• Reporting to the senior management/board of client.

TOOLS Tenable SC, Tenable IO, Defender, SCCM, SIEM, PowerBI

KPMG