Manager, Cyber Threat and Vulnerability Management

Job Summary

The Manager of Threat and Vulnerability Management will play a critical role in overseeing the identification, assessment, and mitigation of security vulnerabilities and threats within the corporate environment. This individual will lead a team of security professionals responsible for proactive vulnerability assessments, risk analysis, and ensuring the timely remediation of identified vulnerabilities. Reporting to the Director of Cyber Security Operations, the Manager will work with cross-functional teams to develop and implement strategies and processes to enhance the utility's security posture, ensuring the protection of sensitive infrastructure, data, and operations from cyber threats.

Essential Functions

• Lead and manage a team of threat and vulnerability analysts, providing guidance, mentorship, and career development. Establish performance metrics and objectives for the team.
• Oversee the enterprise’s cyber vulnerability management program, including the identification, classification, and prioritization of vulnerabilities across the organization's critical infrastructure and systems. Develop and implement strategies for reducing cyber risks.
• Perform and coordinate risk assessments to identify and evaluate cyber vulnerabilities and develop effective remediation plans. Work closely with internal teams and stakeholders to ensure timely resolution of high-risk vulnerabilities and threats.
• Support cyber incident response efforts by providing analysis and insights on vulnerabilities and threat vectors. Collaborate with the security operations center (SOC), IT teams, and other relevant departments during security incident investigations and response efforts.
• Ensure that cyber threat and vulnerability management practices align with industry standards, regulations, and internal security policies. Prepare regular reports and dashboards on threat landscape, vulnerability posture, and remediation progress for executive leadership.
• Evaluate and improve existing tools, processes, and workflows related to threat and vulnerability management. Stay current with industry best practices, emerging threats, and evolving technologies.

Education Description

• Bachelor’s degree in Computer Science, Information Security, or a related field. A Master’s degree is a plus.
• Relevant certifications (e.g., CISSP, CISM, CEH, GIAC) are highly preferred.

Experience

• Minimum of 5 years of experience in cyber security, with at least 3 years in a management or leadership role within a large enterprise or critical infrastructure environment.
• Proven experience in managing cyber vulnerability management programs, threat analysis, and incident response in a large enterprise or critical infrastructure environment.
• Strong understanding of security frameworks (NIST, ISO, etc.)
• In-depth knowledge of risk management practices, vulnerability assessment tools, and threat intelligence platforms.
• Skills & Abilities:
• Strong leadership and people management skills, with the ability to mentor and motivate a team.
• Exceptional problem-solving, analytical, and decision-making skills.
• Proficiency with cyber vulnerability management tools (e.g., Rapid7) and SIEM platforms (e.g., Splunk).
• Familiarity with operational technology (OT) security and challenges within the utility sector is a plus.
• Excellent communication skills, both written and verbal, with the ability to present complex information to non-technical stakeholders.
• Ability to manage multiple priorities in a fast-paced, high-pressure environment.
• Strong understanding of cyber security threats and vulnerabilities specific to electric and gas utilities, industrial control systems (ICS), and critical infrastructure.

Physical Requirements

Working Conditions