Senior Manager Vulnerability Management

What You Need To Know

Open the door to a groundbreaking tech career with an industry leader. Southern Glazer’s Wine & Spirits is North America’s preeminent wine and spirits distributor, as well as a family-owned, privately held company with a 50+ year legacy of success. To create a new era in alcohol beverage sales and service, we’re heavily invested in the most transformative new technologies – and the most brilliant tech professionals. Southern Glazer’s was named by Newsweek as a Most Loved Workplace and is included on the Forbes lists for Largest Private Companies and Best Employers for Diversity.

As a full-time employee, you can choose from a full menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition reimbursement, a wellness program, parental leave, vacation accrual, paid sick leave, and more.

We offer continuous learning and career growth in a fast-paced environment where you are respected, your voice is heard, and technology is part of our strategy for success. If you’re looking to fill your glass with opportunity, come join our FAMILY.

Overview

The Senior Manager, Vulnerability Management role will manage the Vulnerability Management team. This position is responsible for leading a team of Vulnerability Management professionals that identify, assess, and partner with other teams and application owners to remediate security vulnerabilities. This role will work closely with other teams and application owners to provide guidance on patching software and hardware vulnerabilities that have been identified in Enterprise and OT environments.

Specialized Skills and Technologies

• Proficient in using vulnerability scanning and assessment tools for OT and Enterprise Environments
• Able to communicate the impact of a vulnerability effectively including what it affects, how it is exploited, and the result of exploitation
• Possess deep understanding of multiple Operating Systems (Windows, Linux, AIX, etc.) and how vulnerabilities impact them
• Solid knowledge of current and emerging technologies
• Excellent teaching, problem-solving, communication, and interpersonal skills
• Solid understanding of networking, systems, and security related technologies
• Extensive knowledge of cybersecurity principles, threats, and attack types
• Solid understanding of security frameworks such as NIST, ISO 27001, etc.
• Understanding of how to perform incident response and assist in investigations with relation to an exploited vulnerability 
• Knowledge of vulnerability information sources and how they are used is mandatory
• Ability and desire to lead and the flexibility to also share the duties of the technical team
• Willingness to mentor, train, and share knowledge with peers
• Ability to build and maintain relationships, provide mentorship, and present ideas in an effective manner
• Ability to utilize staff strengths, develops staff in weak areas, and constructively address staff performance problems

Primary Responsibilities

• Develops and maintains a vulnerability management strategy to include patching strategies, prioritization of vulnerabilities, and ensuring remediation SLAs are met
• Works closely with system administrators, developers, and application owners to ensure remediation is performed within the SLA window
• Utilizes vulnerability scanning tools and software to identify vulnerabilities
• Present reports that document upwards and downward trends, remediation efforts, and progress to management
• Manages internal operations projects that may require cross-department resources and coordination
• Provides analysis and prioritization of vulnerabilities based on severity, impact, and exploitability
• Manages all facets of vulnerability management including Operational Technology (OT) environments
• Detects and responds to security threats by implementing various continuous monitoring tools in major cloud environments
• Follows up with teams responsible for patching to ensure vulnerabilities are being addressed in a timely manner
• Ensures that vulnerability management processes are followed and aligned with internal security policies and best practices
• Collaborates with other security teams to ensure policies, procedures, and standards are in place and maintained
• Analyzes activities and documented resolutions, identifies problem areas, devise, and deliver solutions to enhance quality of service and prevent future issues
• Defines key operational metrics, develop reporting, and sets targets to continuously improve
• Directs and participates in Information Security projects and supports team efforts for day-to-day operations
• Sets staff goals and training, defines technology priorities, and develops long-term strategies to manage and scale the information security program
• Supervises one or more staff and provides them with technical guidance and mentoring
• Aggressively automates repeated tasks to allow the team to scale with the organization’s growth
• Communicates and acts as liaison with end users and colleagues
• Communicates progress on priorities and budget to management and team
• Serves as a member of the team as a technical leader
• Serves as a subject matter expert inside of SGWS and assists with complex issues pertaining to vulnerability management as needed
• Participates in on-call rotation
• Recruits staff including interviewing, hiring, assigning work, training, coaching, and counseling ensuring consistent application of Employee Guidelines, processes, and procedures
• Conducts performance reviews and holds employees accountable for optimal performance of their responsibilities
• Organizes the Vulnerability Management team to ensure it is focused on the information security related needs, goals, and concerns of our business
• Provides feedback on performance throughout the year, initiates performance plans and disciplinary actions at appropriate times, plans ahead to prepare and present appraisal to salaried employees

Preferred Qualifications

• Master’s Degree 
• Active CISSP or other relevant security-related certification
• Scripting and/or programming skills

Minimum Qualifications

• Bachelor’s degree and formal education in relevant disciplines (Business, Engineering, Information Systems, Computer Science, Mathematics or relevant degree)
• Minimum 12 years of experience working with technical configurations and varying technologies in a fast-paced environment
• Minimum 7 years of experience in managing a team of Information Technology professionals
• Critical and creative thinker
• Problem Solver
• Strategic Thinker
• Excellent presentation and facilitation skills
• Adaptable and able to manage change
• Superior interpersonal, communication and presentation skills
• Demonstrates ability to monitor project progress by tracking activities, issues/ risks/dependencies, and provides recommendation for resolution
• Business Acumen
• Effective Communication

Agile Delivery Values

• Openness – Team and stakeholders agree to be open about all work and challenges 
• Commitment – Personally commit to achieving the goals of the team 
• Respect – Respect your team members to be capable and independent 
• Courage – You have courage to do the right thing and work on tough problems 
• Focus – Everyone focus on the work in the sprint and the goal of the scrum team.  Rise and fall as a team 

Physical Demands

• Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device
• Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping
• May require occasional lifting/lowering, pushing, carrying, or pulling up to 20lbs

EEO Statement

Southern Glazer's Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.  Southern Glazer's Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees.  Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer's Wine and Spirits and do not reflect Southern Glazer's pay bands or ranges.