Location Designation: Hybrid - 3 days per quarter
Role Summary
Lead the centralized operating model for enterprise vulnerability intake, prioritization, governance, SLA tracking, remediation orchestration, reporting, escalation, and evidence-based closure across infrastructure, cloud, endpoints, and application-dependent services.
This role converts vulnerability findings into measurable risk reduction by aligning Security, Infrastructure, Endpoint, Cloud, Application, SRE, Risk, Change, and vendor teams around clear ownership, target dates, decision gates, and closure evidence.
What You'll Do:
Strategy, Governance & Operating Model
• Own the enterprise patch and vulnerability remediation operating model across on-prem, cloud, endpoint, and application-dependent environments.
• Define and enforce intake, triage, severity lanes, remediation SLAs, escalation paths, exception handling, and closure evidence standards.
• Chair daily and weekly remediation governance forums; drive accountability across resolver teams and surface blockers for executive action.
• Design the centralized workflow that connects scanning, asset ownership, patch execution, change coordination, validation, and executive reporting.
Intake, Prioritization & SLA Management
• Triage findings from Qualys, Tanium, security alerts, vendor advisories, threat intelligence, and exception requests.
• Prioritize remediation by severity, exploitability, exposure, business criticality, compensating controls, and regulatory/audit impact.
• Ensure every finding has an accountable owner, target date, remediation path, and documented status.
• Manage zero-day, Critical VIT, High, Medium, Low, and priority patch lanes, including 24-hour, 3-day, and 6-day accelerated cycles.
Reporting, Metrics & Executive Communication
• Produce executive dashboards covering backlog, aging, SLA adherence, mean time to closure, patch success rate, rollback count, exception aging, ownerless assets, and automation coverage.
• Translate technical remediation risk into business impact, escalation decisions, and leadership actions.
• Partner with Risk, Security, Audit, and Technology leadership on evidence quality, control maturity, and remediation accountability.
Cross-Team Orchestration
• Coordinate endpoint, infrastructure, cloud, and application remediation dependencies across CIO teams, SREs, DevOps, and vendors.
• Escalate blocked remediation caused by application validation, reboot approvals, access constraints, tooling gaps, vendor delays, or production sign-off issues.
• Partner with automation teams to reduce manual validation and increase evidence capture.
Authority and Scope
• Set remediation expectations, SLA timelines, status reporting standards, and evidence requirements for in-scope vulnerabilities.
• Require remediation plans, target dates, owner assignment, and time-bound exception requests from infrastructure, endpoint, cloud, and application teams.
• Escalate missed deadlines, unresolved blockers, unmanaged risk, and unsupported exceptions through formal governance channels.
Success Measures & Key Outcomes (First 6-12 Months)
• Critical and High SLA adherence improves across endpoint, infrastructure, cloud, and application-dependent services.
• Reduction in aging vulnerabilities, repeat findings, exception backlog, and ownerless assets.
• Executive dashboards are accurate, current, and used for decision-making.
• Closure quality improves through scan validation, automated testing evidence, and documented remediation records.
What You'll Bring:
• 10+ years in IT Operations, Infrastructure, Security Engineering, SRE, or Vulnerability Management, with experience leading cross-functional remediation programs.
• Strong understanding of vulnerability scanning, patching, change, exception, asset inventory, and remediation governance.
• Experience with Qualys, Tanium, ServiceNow/Jira, CMDB, dashboarding, executive reporting, and SLA management.
• Ability to influence senior stakeholders and drive decisions across Technology, Security, Risk, and Application teams.
Nice to Have
• Financial services or regulated-industry experience.
• Familiarity with cloud security posture, container security, DevOps, CI/CD, and application security integrations.
• Certifications such as CISSP, CISM, CRISC, ITIL, cloud security, or SRE-related credentials.
Working Model
Hybrid role requiring regular collaboration with IT Operations, Cybersecurity, Risk, CIO application teams, and executive stakeholders. Occasional off-hours engagement is expected during zero-day events, Critical VIT response, or major remediation campaigns.
Pay Transparency
Salary Range: $111,500-$159,000
Overtime eligible: Exempt
Discretionary bonus eligible: Yes
Sales bonus eligible: No
Actual base salary will be determined based on several factors, including but not limited to the individual's experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.
Our Benefits
We provide a full package of benefits for employees - and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work. Click here to discover more about our comprehensive benefit options or visit our NYL Benefits Site.
Job Requisition ID: 94269