Cybersecurity Manager - Vulnerability Management

Cleveland, OH, United States

Sherwin-Williams

No matter where you are in the world or what surfaces you are painting or coating, Sherwin-Williams provides innovative paint solutions that ensure your success.

The Cybersecurity Vulnerability Management Manager is responsible for leading the team that identifies, evaluates, and mitigates vulnerabilities within the company’s IT infrastructure. Key responsibilities include scanning visibility, synchronization with IT patch management, vulnerability remediation management, exception management, and the generation of appropriate metrics and process management. The incumbent will oversee cross-functional initiatives that require coordination between internal IT, business teams and external vendors. The principal objective will be to guide, influence, and negotiate with key decision-makers to ensure adherence to our vulnerability management requirements and SLAs.

The VM leader will collaborate directly with the PSG IT organization, DT infrastructure and the Cybersecurity team to ensure appropriate processes are being followed and the highest-risk vulnerabilities are being prioritized. The VM leader will work directly with key leaders across these organizations to determine acceptable levels of risk to remediation and ensure these agreements are documented, measured and the information shared across Sherwin. The VM leader should have the ability to understand and articulate the impact of vulnerabilities across the Sherwin ecosystem and be able to communicate this to multiple levels within the organization.

The ideal candidate will have a strong background in cybersecurity, project management, leadership skills, and a proactive approach to protecting our systems and data.

Reporting to this individual will be a cross-functional team of full-time employees and co-ops. The team makeup currently includes 3 FTE with additional co-ops.

ESSENTIAL FUNCTIONS:

  • Team Leadership: Manage and lead a team of vulnerability and scanning analysts as well as reporting capabilities. 
  • Provide mentorship, set employee objectives, monitor and evaluate performance, provide feedback and ensure professional growth and development.
  • Vulnerability Assessment: Oversee the regular scanning and analysis of the company’s networks, applications, and systems to identify vulnerabilities.
  • Risk Evaluation: Prioritize vulnerabilities based on risk and develop strategic plans for mitigation or remediation.
  • Develop dashboards and actionable steps to enable asset owners to develop remediation strategies and reduce the attack surface.
  • Patch Management: Collaborate with IT and development teams to ensure timely patching of vulnerabilities.
  • Partner with asset owners and stakeholders across the organization to drive vulnerability remediation 
  • Educate teams on best practices for vulnerability management and remediation
  • Compliance and Reporting: Ensure compliance with relevant security regulations and standards. Prepare and present regular vulnerability exposure reports to senior management.
  • Incident Response: Support incident response teams in the event of a security breach or other incidents.
  • Policy Development: Develop and refine vulnerability management policies and procedures to enhance the organization's security posture.
  • Stakeholder Communication: Act as a key point of contact for vulnerability management issues within the organization. Communicate effectively with other managers and stakeholders to align security measures with business objectives.
  • Technology Evaluation: Keep abreast of new security technologies and integrate innovative tools and technologies to enhance vulnerability management capabilities.
  • Budget Management: Manage the budget for the vulnerability management team, including tools, technologies, and training.

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.

This position has a hybrid work schedule with three days in the office and the option for working remotely two days.

Required:

  • 12+ years of experience in IT or cybersecurity
  • 6+ years of leading and managing a team of direct reports
  • Proven leadership experience with the ability to manage and develop a team.
  • Understanding of network security protocols, cryptography, and application security.
  • Understanding of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
  • Technical infrastructure knowledge (i.e. Windows OS, Linux, container environments and cloud)
  • Familiarity with compliance and regulatory frameworks such as NIST, GDPR, and PCI-DSS.
  • Excellent analytical, problem-solving, and decision-making skills, with a detail-oriented approach.
  • Strong interpersonal and communication skills, capable of writing clear and comprehensive reports and delivering presentations.

Preferred:

  • Manufacturing / Operation Technology experience
  • Experience with ServiceNow Platform
  • Industry Certification (one or more of the below):
      • Certified Information Systems Security Professional (CISSP)
      • Certified Information Security Manager (CISM)
      • CompTIA Security+
  • Strong commitment to inclusion and diversity. 
  • Minimal travel, up to 5%, may be required.
  • Work outside the standard office 7.5-hour workday may be required.
  • Commitment to fostering a culture of inclusion and diversity

Here, we believe there’s not one path to success; we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there’s a place for you at Sherwin-Williams. We provide you with the opportunity to explore your curiosity and drive us forward. Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans. We’ll give you the space to share your strengths and we want you to show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show!
At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.
Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.
The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.

Category: Leadership Jobs

Tags: Application security CISM CISSP Cloud Compliance CompTIA Cryptography Firewalls GDPR Incident response Intrusion detection IT infrastructure Linux Network security NIST SLAs Vulnerabilities Vulnerability management Windows

Perks/benefits: Career development Health care Travel

Region: North America
Country: United States
