Threat Intelligence & Vulnerability Manager
Vanguard, one of the world’s largest investment management companies and a recognized employer of choice, seeks a Threat Intelligence and Vulnerability Manager, to lead external and internal threat intelligence and analytical capabilities to understand tactical and strategic threats to Vanguard, and help identify opportunities where capabilities should be improved. This role also leads the identification, classification, tracking, and monitoring status of remediation efforts to address vulnerabilities across the security organization.
Duties and Responsibilities:
1. Manages and engages staff. Provides guidance, training and motivation as necessary to develop staff. Hires, evaluates and counsels crew. Follows corporate disciplinary procedures per established Vanguard standards as required. Sets performance standards, reviews performance, provides feedback, and recommends wage increases in accordance with all applicable Human Resources policies and procedures.
2. Manages collection and analysis of internal and external security data, immediate and emerging threats. Provides rapid assessments of potentially imminent security situations, sensitive developments and complex threat issues. Oversees creation of in-depth reports and advisories on security risks to employees and operations worldwide. Provides rapid assessments of potentially imminent security situations, sensitive developments and complex threat issues.
3. Evaluates Vanguard’s security posture and risk appetite by assessing the impact and likelihood that inside/outside threats can exploit vulnerabilities on critical business assets. Creates and optimizes new and existing processes to integrate vulnerability requirements with IT and security operations. Aligns the optimized Vulnerability Management strategy into security framework to increase efficiency and reduce costs.
4. Identifies, tracks, and monitors emerging security threats and trends. Keeps abreast of changing geopolitical events which could impact stability and operations. Leads the development of reporting on the results of vulnerability assessments, penetration testing, and configuration of dynamic and static code analysis platforms and drive remediation. Performs root cause analysis to identify vulnerabilities within the organization’s security framework.
5. Leads the identification, assessment, mitigation, monitoring and reporting of security risks throughout IT. Develops and presents security assessment reports to management, highlighting findings, trends, and level of exposure including presentations to the Information Security Steering Committee & Divisional Staff Meetings as needed.
6. Stays abreast of changing geopolitical events which could impact stability and operations. Provides research, analysis, coordination, publishing and briefs on security threats, non-technical risks and geo-political issues in diverse geographical areas in foreign countries or domestic operations that have the potential of affecting the organization’s businesses and employees.
7. Assesses unforeseen threat developments and recommends changes in security direction and approach. Prepares briefs on strategic intelligence issues for senior management. Maintains internal and external contacts that focuses on threat and risk issues. Develops and presents security assessment reports to management, highlighting findings, trends, and level of exposure.
8. Communicates with auditors and regulators during compliance and regulatory reviews. Ensures technical compliance with security related regulatory requirements (PCI, SOX, PII, PHI, etc.). Advises Red Teaming & War Gaming specialists for developing scenarios based on recently identified vulnerabilities. Coordinates with Security Risk & Control Assessment teams to identify and/or validate vulnerabilities of critical business assets.
9. Leads cross functional teams to address critical security risks to the business. Ensures that security risk related issues are appropriate being addressed within the IT environment by collaborating with key partners to include other ITSO teams, Legal, Fraud, Information Security, Compliance, Contingency and Audit.
10. Manages and conducts research into various reference archives, open source intelligence, and databases to extract information contributing to threat and risk analysis or due diligence and background investigation research.
11. Participates in special projects and performs other duties as assigned.
The ideal candidate should possess
- An undergraduate degree in IT or related discipline, or an equivalent combination of education and experience. Master’s degree preferred.
- Minimum of eight to ten years’ broad senior technical, operations, or applications experience. Financial services industry experience preferred.
- Exceptional leadership, organizational, and interpersonal skills. Ability to lead and motivate others.
- Excellent communication, negotiation, diplomacy, and presentation skills.
- Ability to effectively manage multiple and competing priorities of the team and department as well as one’s own priorities and time.
- Excellent project management skills.
- Exhibits flexibility and excellent judgment.
- Broad knowledge of business applications used at Vanguard or other financial institutions preferred.
- Deep knowledge of threat intelligence concepts and leading industry practices is required.
- Certifications: One or more of CISSP, CISM, CISA or other relevant certifications required as per the role.
Vanguard is not offering visa sponsorship for this position.
Back to top