Senior IT Manager - Threat and Vulnerability Toronto, Canada

Senior IT Manager - Threat and Vulnerability

Full Time • Toronto, Canada
Benefits:
  • 401(k)
  • 401(k) matching
  • Competitive salary
  • Dental insurance
  • Health insurance
  • Opportunity for advancement
  • Paid time off
  • Vision insurance
The Senior Manager of the Vulnerability and Attack Surface Management Team is a critical technical leadership role within our Information Security team with end-to-end responsibility for strategy, oversight and execution of the Company Vulnerability Management and Attack Surface Management capabilities.

This role requires a blend of strategic vision, strong leadership, technical expertise, superb communications, outstanding analytical and critical thinking to effectively lead and guide a team of security experts.

Responsibilities:

  • Continuously build and implement a strategic vision for the Vulnerability and Attack Surface Management program and its capabilities in alignment with organization’s Information Security and Information Technology programs, program goals and business objectives.
  • Drive all efforts crucial to ensure timely identification, analysis, and remediation of vulnerabilities across all IT assets, including applications, servers, networks, and endpoints.
  • Establish and maintain strong relationships with key partners, including business capabilities, infrastructure, networking, application development, compliance, communications and other executive and non-executive leadership.
  • Continuously evaluate emerging security threats, trends, and technologies for continuous analysis and improvement of the organization’s vulnerability and attack surface management capabilities.
  • Develop and implement processes for continuous attack surface monitoring and reduction, ensuring the organization’s exposure to threats is continuously minimized and optimally protected.
  • Be responsible for the configuration, operation, and maintenance of vulnerability testing and management platforms, attack surface management technologies, and other related tooling.
  • Provide technical guidance and support for vulnerability assessments, penetration testing, and attack surface management activities.
  • Maintain comprehensive vulnerability and attack surface management policies, standards, processes and procedures, and documentation thereof.
  • Lead ongoing execution and advancement of vulnerability scanning and assessment tools, techniques, and procedures.
  • Coordinate the scheduling and execution of regular vulnerability scans, assessments, and attack surface evaluations.
  • Ensure timely and effective communication of vulnerability and attack surface findings to relevant stakeholders.
  • Manage emergency response processes and activities related to discovered vulnerabilities and attack surface exposures in coordination with incident response and other supporting enterprise functions.
  • Track and report on the status of vulnerability remediation and attack surface reduction efforts, ensuring compliance with internal policies and external regulatory requirements.
  • Lead, mentor, and develop a team of vulnerability and attack surface management professionals, providing regular performance feedback and career development opportunities.
  • Supervise the recruitment and onboarding of new team members, ensuring the team is staffed with skilled and motivated individuals.
  • Monitor the vulnerability and attack surface management budget, including forecasting and expenditures.
  • Ensure compliance with all relevant laws, regulations, and standards related to information security, vulnerability management, and attack surface management.
  • Represent the vulnerability and attack surface management function in internal and external audits, assessments, and reviews.
Qualifications:

  • Advanced experience in information security, with at least 5 years in a hands-on vulnerability management and/or attack surface management role.
  • Understand the nature of vulnerabilities and weaknesses, and can articulate detection and remediation methods for vulnerabilities to technical and non-technical audiences.  
  • Expert-level understanding of vulnerability and attack surface testing and management techniques, processes and platforms.
  • Experience in designing, building, testing, implementing and refining workflows of varying complexity.
  • Solid understanding of common security frameworks (e.g., NIST, CIS, ISO).
  • Validated experience in leading and running security teams, with a track record of developing and implementing critical initiatives.
  • Superb communication, interpersonal, and leadership skills.
  • Relevant industry and technical training and/or certifications.




(if you already have a resume on Indeed)

Or apply here.

* required fields

Location
Or
Or