Full Job Description
The Senior Director of Infrastructure & Network Security is responsible for driving and evolving our enterprise-wide configuration and vulnerability management programs to meet the demands of the changing threat landscape. The teams and services under this leadership are essential for protecting a complex hybrid environment (cloud and on-prem) by driving risk identification and reduction and by ensuring alignment with enterprise security and compliance objectives.
This role requires a combination of deep technical expertise, strong people leadership, and the ability to translate cybersecurity risk into business-relevant insights for executive stakeholders.
Key Responsibilities
Leadership & Organizational Management
• Lead, mentor, and scale a high-performing team of 25+ associates within the Infrastructure & Network Services organization
• Foster a culture of accountability, innovation, and continuous improvement
• Partner cross-functionally with Risk, Compliance, IT and Product teams
Vulnerability Management Strategy & Execution
• Own and execute a global vulnerability management program spanning 100,000+ assets across cloud and on-prem environments
• Develop and maintain a multi-year vulnerability management roadmap aligned to enterprise security strategy, risk appetite, and regulatory requirements
• Drive and mature platform capabilities and strategies for communicating and managing the risks identified through the various programs
Technology & Innovation
• Lead configuration and optimization of modern vulnerability tools including Wiz, Qualys, and CrowdStrike
• Implement runtime vulnerability monitoring across containerized and serverless environments
• Drive innovation through custom-built solutions such as:
  • Vulnerability Management as a Service (VMaaS API)
  • Centralized vulnerability management portal
  • Automation integrations (e.g., chatbot-based workflows)
Governance, Reporting & Stakeholder Engagement
• Present monthly risk posture updates to executive steering committees, demonstrating quantifiable risk reduction
• Establish product-level security scoring models to provide clear visibility into risk ownership, prioritization, and accountability
• Align vulnerability and configuration management practices with compliance frameworks and audit requirements
• Build and maintain metrics-driven dashboards for real-time security visibility
• Establish and track KPIs and KRIs to measure program effectiveness and risk reduction
Incident Response & Risk Mitigation
• Provide direct and indirect leadership as well as technical guidance during major vulnerability events and campaigns (e.g., Log4j, critical enterprise platform vulnerabilities)
• Ensure rapid detection, prioritization, and remediation coordination across the enterprise
Qualifications
Required Experience
• 12+ years of experience in cybersecurity, infrastructure security, or vulnerability management
• 7+ years in leadership roles managing large, distributed teams
• Proven experience building and scaling enterprise vulnerability management programs in complex environments
• Deep expertise across cloud, on-prem, containerized, and serverless architectures
Technical Expertise
• Strong understanding of vulnerability management lifecycle, CVE/CVSS scoring, and risk prioritization
• Experience with leading tools such as Wiz, Qualys, and CrowdStrike Spotlight
• Familiarity with automation, APIs, and integration into DevOps workflows
• Experience with data platforms and visualization tools such as Snowflake and Grafana
Leadership & Business Skills
• Ability to translate technical risk into business impact for executive audiences
• Strong stakeholder management and influencing skills across technical and non-technical teams
• Experience aligning security programs with enterprise risk management and compliance frameworks
Preferred Qualifications
• Experience implementing Vulnerability Management as a Service (VMaaS) or similar platform-based models
• Background in large-scale digital transformation or cloud migration initiatives
• Experience building security scoring models and enterprise risk dashboards
• Relevant certifications (e.g., CISSP, CISM, or equivalent)