Cyber Security Vulnerability Manager

Morson Group
Charing Cross, United Kingdom
3 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English

Job location

Remote
Charing Cross, United Kingdom

Tech stack

Amazon Web Services (AWS)
Cloud Computing
Identity and Access Management
Network Security
Open Web Application Security
Software Vulnerability Management
Software Security
CIS Benchmarks
ServiceNow

Job description

You'll be responsible for the full vulnerability lifecycle - from discovery and prioritisation through remediation and executive reporting. Leading a team of skilled vulnerability analysts and technical specialists, you'll collaborate closely with resolver groups, audit teams, and maturity programmes to continuously strengthen our security posture.

Although the role is fully remote, the team comes together monthly in our London office to collaborate and connect.

What You'll Do

Strategy & Governance

  • Define and own the vulnerability management strategy, policies, SLAs, and operating rhythm.
  • Manage and mature the exemptions process in line with industry best practice.
  • Continuously raise the maturity of the programme, ensuring the right information reaches the right teams at the right time.

Risk Identification & Prioritisation

  • Own the vulnerability lifecycle from discovery through remediation to executive reporting.
  • Prioritise vulnerabilities based on risk, exposure context, asset criticality, and business impact.
  • Partner with threat intelligence teams to enrich CVEs and improve risk-based decision-making.
  • Perform root cause analysis on recurring vulnerabilities and systemic issues, driving long-term remediation.

Leadership & Collaboration

  • Lead and develop a team of experienced vulnerability analysts and technical specialists.
  • Work closely with technology teams, business units, audit, and resolver groups to reduce organisational risk.
  • Influence stakeholders and push boundaries to continuously improve capability and outcomes.

Requirements

  • Proven experience delivering vulnerability management in complex, regulated, or enterprise-scale environments.
  • Hands-on experience with vulnerability management tools such as Tenable One, AWS Inspector, and ServiceNow VR.
  • Strong technical knowledge across security domains including IAM, network security, cloud controls, application security, and monitoring.
  • Deep understanding of vulnerability management disciplines, including attack surface management, CIS benchmarks, exposure management, and risk-based prioritisation.
  • Experience designing, implementing, and maturing vulnerability management programmes.

Knowledge & Mindset

  • Familiarity with security frameworks such as NIST CSF, ISO 27001, and OWASP.
  • Understanding of regulatory and compliance requirements, including GDPR, NIS2, CE+, and ONR.
  • A continuous improvement mindset, with a passion for learning and strengthening security posture.
