Cybersecurity Manager - Vulnerability Management
Cleveland, OH, United States
Sherwin-Williams
No matter where you are in the world or what surfaces you are painting or coating, Sherwin-Williams provides innovative paint solutions that ensure your success.
The Cybersecurity Vulnerability Management Manager is responsible for leading the team that identifies, evaluates, and mitigates vulnerabilities within the company’s IT infrastructure. Key responsibilities include scanning visibility, synchronization with IT patch management, vulnerability remediation management, exception management and the generation of appropriate metrics and process management. The incumbent will oversee cross-functional initiatives that require coordination between internal IT, business teams and external vendors. The principal objective will be to guide, influence, and negotiate with key decision-makers to ensure adherence to our vulnerability management requirements and SLAs.
The VM leader will collaborate directly with the PSG IT organization, DT infrastructure and the Cybersecurity team to ensure appropriate processes are being followed and the highest-risk vulnerabilities are being prioritized. The VM leader will work directly with key leaders across these organizations to determine acceptable levels of risk to remediation and ensure these agreements are documented, measured and the information shared across Sherwin. The VM leader should have the ability to understand and articulate the impact of vulnerabilities across the Sherwin ecosystem and be able to communicate this to multiple levels within the organization.
The ideal candidate will have a strong background in cybersecurity, project management, leadership skills, and a proactive approach to protecting our systems and data.
Reporting to this individual will be a cross-functional team of full-time employees and co-ops. The team makeup currently includes 3 FTE with additional co-ops.
ESSENTIAL FUNCTIONS:
- Team Leadership: Manage and lead a team of vulnerability and scanning analysts as well as reporting capabilities.
- Provide mentorship, set employee objectives, monitor and evaluate performance, provide feedback and ensure professional growth and development.
- Vulnerability Assessment: Oversee the regular scanning and analysis of the company’s networks, applications, and systems to identify vulnerabilities.
- Risk Evaluation: Prioritize vulnerabilities based on risk and develop strategic plans for mitigation or remediation.
- Develop dashboards and actionable steps to enable asset owners to develop remediation strategies and reduce the attack surface.
- Patch Management: Collaborate with IT and development teams to ensure timely patching of vulnerabilities.
- Partner with asset owners and stakeholders across the organization to drive vulnerability remediation
- Educate teams on best practices for vulnerability management and remediation
- Compliance and Reporting: Ensure compliance with relevant security regulations and standards. Prepare and present regular vulnerability exposure reports to senior management.
- Incident Response: Support incident response teams in the event of a security breach or other incidents.
- Policy Development: Develop and refine vulnerability management policies and procedures to enhance the organization's security posture.
- Stakeholder Communication: Act as a key point of contact for vulnerability management issues within the organization. Communicate effectively with other managers and stakeholders to align security measures with business objectives.
- Technology Evaluation: Keep abreast of new security technologies and integrate innovative tools and technologies to enhance vulnerability management capabilities.
- Budget Management: Manage the budget for the vulnerability management team, including tools, technologies, and training.
This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.
This position has a hybrid work schedule with three days in the office and the option for working remotely two days.
Required:
- 12+ years of experience in IT or cybersecurity
- 6+ years of leading and managing a team of direct reports
- Proven leadership experience with the ability to manage and develop a team.
- Understanding of network security protocols, cryptography, and application security.
- Understanding of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
- Technical infrastructure knowledge (i.e. Windows OS, Linux, container environments and cloud)
- Familiarity with compliance and regulatory frameworks such as NIST, GDPR, and PCI-DSS.
- Excellent analytical, problem-solving, and decision-making skills, with a detail-oriented approach.
- Strong interpersonal and communication skills, capable of writing clear and comprehensive reports and delivering presentations.
Preferred:
- Manufacturing / Operation Technology experience
- Experience with ServiceNow Platform
- Industry Certification (one or more of the below)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- CompTIA Security+
- Strong commitment to inclusion and diversity.
- Minimal travel, up to 5%, may be required.
- Work outside the standard office 7.5-hour workday may be required.
- Commitment to fostering a culture of inclusion and diversity
At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.
Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.
The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.