AVP of IT Vulnerability Management

The AVP of IT Vulnerability Management is responsible for developing, maintaining, and improving the Vulnerability Management program of AmeriSave Mortgage Corporation and its affiliates to ensure that the company's information systems and information assets are adequately protected.  The AVP of Vulnerability Management will work with other IT leaders to assess, report, review, and mitigate the vulnerabilities that bring higher levels of risk to the organization through its IT systems.  The functional scope of this role includes IT Vulnerability Management, Information Security, IT Systems Security, IT Systems Implementation, SecDevOps, and overall IT and information risk awareness. 

ESSENTIAL FUNCTIONS

• Establish, maintain, and communicate a clear and comprehensive IT Vulnerability Management program aligned to industry standard framework(s); own the program as a leader and be the main point of contact and subject matter expert
• Implement, define, and improve AmeriSave policies, standards, and procedures for the Vulnerability Management service, including: vulnerability scanning, vulnerability reporting, coordination of patch management, secure coding practices, and secure code testing
• Identify systems vulnerabilities and provide proper consultation for remediation
• Provide system administration support for vulnerability scanning and application testing technologies
• Work with End-User Computing, Datacenter, Network, and Cloud services teams to ensure standard systems development does not expand the threat landscape of the organization
• Work with software development teams to ensure they are utilizing secure coding standards and code testing capabilities, reducing risk prior to code transitioning to the production environment
• Keep abreast of relevant trends and threats, and translate these for AmeriSave based on relevant threats and vulnerabilities
• Develop training programs for awareness within the organization and specialist training for targeted groups to stay up-to-date with new developments and requirements related to secure coding practices
• Establish and drive metrics, analytics, reporting mechanisms and services, maturity models, and a roadmap for continual program improvements.
• Facilitate compliance with the AmeriSave policies and external regulations

OTHER DUTIES

• Prepare formal reports and presentations of findings and recommendations
• Author IT vulnerability guidelines, principles, policies, and standards for information / data stewards, stakeholders, and development teams
• Capable of developing custom reporting scripts using standard data querying languages and tools
• Manage, develop, train, coach and mentor staff on projects and assess performance for engagement and year-end reviews
• Other duties, as assigned

CORE COMPETENCIES

• Ability to understand the entire AmeriSave IT landscape, identify vulnerabilities, and connect to system and process owners via standardized processes to remediate identified vulnerabilities
• Experience executing security testing activities, such as penetration testing and application/vulnerability assessments
• Security knowledge across various security domains and technologies (e.g., databases, operating systems, networking, applications, access controls, and identity management)
• Maintain up-to-date understanding of technology trends and developments in the areas of information technology and security
• Ability to understand business processes and needs, gain buy-in and influence change
• Ability to drive execution of defined goals through effective interaction with IT services teams
• Ability to frame security and IT vulnerability-related concepts to both technical and non-technical audiences
• Highly developed analytical, structured problem-solving skills; analytics and inquisitive mind-set
• Highly developed knowledge in information security, IT risk, IT auditing, cloud, datacenter, and end-user computing systems vulnerabilities
• Strong patch management acumen in all types of IT endpoints, with the ability to translate these into concrete actions / action plans, driving proper remediation with the various IT teams

• LEADERSHIP RESPONSIBILITY
This position will lead a team of vulnerability management professionals.

• WORK ENVIRONMENT
This position is in Atlanta, GA (Buckhead) and operates in a professional office environment. 
• POSITION TYPE/STANDARD SCHEDULE
This is a Full-time position and hours of work are Monday through Friday; 8:00 a.m. to 5 p.m. 
• TRAVEL
No travel will be required for this role.

MINIMUM REQUIRED EDUCATION & EXPERIENCE

• Bachelor's degree is required; degree in computer science, information systems, information security/assurance, business administration, or another related field preferred
• 10+ years relevant experience in related fields, qualifying experience could be obtained through roles in information security, cloud security, information technology, end-user computing, and/or IT vulnerability management
• 3+ years as a manager, team lead or supervisor
• Familiarity with Vulnerability Management frameworks required
• Experience in standing up new teams, establishing and documenting processes and procedures, and communicating service to relevant teams across IT
• Expertise and professional experience working in Windows, Mac and Linux environments
• Experience and knowledge regarding Cloud infrastructure and Cloud security capabilities, including Microsoft Azure and Google Cloud Services
• General knowledge of the SecDevOps role in IT Security
• General understand of code languages, development environments, and the application testing process
• Strong communication skills with the ability to talk with business and technical parties across all levels of the organization
• Strong time management skills and experience handling multiple assignments with competing priorities
• Strong analytical and technical skills
• Experience in the fields of mortgage, banking, insurance, financial services, technology or similar preferred

California Consumer Privacy Act Disclosure AcknowledgmentEmployment Applicants, New Hires, and Employees Residing in California
AmeriSave Mortgage Corporation’s California Consumer Privacy Act Policy Statement (“Policy”) can be reviewed here: www.amerisave.com/privacy-policy.   
When AmeriSave’s Human Resources Department makes future requests for personal information, the same Policy is applicable. By applying, you understand this acknowledgment covers current and future personal information requests. You also acknowledge the business purpose of the personal information collected and that future requests may occur while applying for a position at AmeriSave and/or during employment, if applicable.