AVP of IT Vulnerability Management
Atlanta, GA
Applications have closed
The AVP of IT Vulnerability Management is responsible for developing, maintaining, and improving the Vulnerability Management program of AmeriSave Mortgage Corporation and its affiliates to ensure that the company's information systems and information assets are adequately protected. The AVP of Vulnerability Management will work with other IT leaders to assess, report, review, and mitigate the vulnerabilities that bring higher levels of risk to the organization through its IT systems. The functional scope of this role includes IT Vulnerability Management, Information Security, IT Systems Security, IT Systems Implementation, SecDevOps, and overall IT and information risk awareness.
AmeriSave Mortgage Corporation’s California Consumer Privacy Act Policy Statement (“Policy”) can be reviewed here: www.amerisave.com/privacy-policy.
When AmeriSave’s Human Resources Department makes future requests for personal information, the same Policy is applicable. By applying, you understand this acknowledgment covers current and future personal information requests. You also acknowledge the business purpose of the personal information collected and that future requests may occur while applying for a position at AmeriSave and/or during employment, if applicable.
ESSENTIAL FUNCTIONS
- Establish, maintain, and communicate a clear and comprehensive IT Vulnerability Management program aligned to industry standard framework(s); own the program as a leader and be the main point of contact and subject matter expert
- Implement, define, and improve AmeriSave policies, standards, and procedures for the Vulnerability Management service, including: vulnerability scanning, vulnerability reporting, coordination of patch management, secure coding practices, and secure code testing
- Identify systems vulnerabilities and provide proper consultation for remediation
- Provide system administration support for vulnerability scanning and application testing technologies
- Work with End-User Computing, Datacenter, Network, and Cloud services teams to ensure standard systems development does not expand the threat landscape of the organization
- Work with software development teams to ensure they are utilizing secure coding standards and code testing capabilities, reducing risk prior to code transitioning to the production environment
- Keep abreast of relevant trends and threats, and translate these for AmeriSave based on relevant threats and vulnerabilities
- Develop training programs for awareness within the organization and specialist training for targeted groups to stay up-to-date with new developments and requirements related to secure coding practices
- Establish and drive metrics, analytics, reporting mechanisms and services, maturity models, and a roadmap for continual program improvements.
- Facilitate compliance with the AmeriSave policies and external regulations
OTHER DUTIES
- Prepare formal reports and presentations of findings and recommendations
- Author IT vulnerability guidelines, principles, policies, and standards for information / data stewards, stakeholders, and development teams
- Capable of developing custom reporting scripts using standard data querying languages and tools
- Manage, develop, train, coach and mentor staff on projects and assess performance for engagement and year-end reviews
- Other duties, as assigned
CORE COMPETENCIES
- Ability to understand the entire AmeriSave IT landscape, identify vulnerabilities, and connect to system and process owners via standardized processes to remediate identified vulnerabilities
- Experience executing security testing activities, such as penetration testing and application/vulnerability assessments
- Security knowledge across various security domains and technologies (e.g., databases, operating systems, networking, applications, access controls, and identity management)
- Maintain up-to-date understanding of technology trends and developments in the areas of information technology and security
- Ability to understand business processes and needs, gain buy-in and influence change
- Ability to drive execution of defined goals through effective interaction with IT services teams
- Ability to frame security and IT vulnerability-related concepts to both technical and non-technical audiences
- Highly developed analytical, structured problem-solving skills; analytics and inquisitive mind-set
- Highly developed knowledge in information security, IT risk, IT auditing, cloud, datacenter, and end-user computing systems vulnerabilities
- Strong patch management acumen in all types of IT endpoints, with the ability to translate these into concrete actions / action plans, driving proper remediation with the various IT teams
- LEADERSHIP RESPONSIBILITY This position will lead a team of vulnerability management professionals.
- WORK ENVIRONMENT This position is in Atlanta, GA (Buckhead) and operates in a professional office environment.
- POSITION TYPE/STANDARD SCHEDULE This is a Full-time position and hours of work are Monday through Friday; 8:00 a.m. to 5 p.m.
- TRAVEL No travel will be required for this role.
MINIMUM REQUIRED EDUCATION & EXPERIENCE
- Bachelor's degree is required; degree in computer science, information systems, information security/assurance, business administration, or another related field preferred
- 10+ years relevant experience in related fields, qualifying experience could be obtained through roles in information security, cloud security, information technology, end-user computing, and/or IT vulnerability management
- 3+ years as a manager, team lead or supervisor
- Familiarity with Vulnerability Management frameworks required
- Experience in standing up new teams, establishing and documenting processes and procedures, and communicating service to relevant teams across IT
- Expertise and professional experience working in Windows, Mac and Linux environments
- Experience and knowledge regarding Cloud infrastructure and Cloud security capabilities, including Microsoft Azure and Google Cloud Services
- General knowledge of the SecDevOps role in IT Security
- General understand of code languages, development environments, and the application testing process
- Strong communication skills with the ability to talk with business and technical parties across all levels of the organization
- Strong time management skills and experience handling multiple assignments with competing priorities
- Strong analytical and technical skills
- Experience in the fields of mortgage, banking, insurance, financial services, technology or similar preferred
AmeriSave Mortgage Corporation’s California Consumer Privacy Act Policy Statement (“Policy”) can be reviewed here: www.amerisave.com/privacy-policy.
When AmeriSave’s Human Resources Department makes future requests for personal information, the same Policy is applicable. By applying, you understand this acknowledgment covers current and future personal information requests. You also acknowledge the business purpose of the personal information collected and that future requests may occur while applying for a position at AmeriSave and/or during employment, if applicable.
Tags: Analytics Audits Azure Banking Cloud Compliance Computer Science GCP Linux Pentesting Privacy Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development
Region:
North America
Country:
United States
Job stats:
10
1
0
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs