Threat and Vulnerability Management Senior Manager has an in-depth knowledge and experience in enterprise vulnerability management and is responsible for management of the vulnerability scanning technologies and business process. The role includes, but is not limited to the responsibility of the TVM operations, technology roadmap and product lifecycle. The primary operations contact for platform availability, enhancements and capacity management. Maintains vendor relationships for product direction, support, maintenance and enhancements.
Core Job Responsibilities
- Position requires significant interaction with senior management and technical specialists across functional disciplines.
- Lead and support large projects with multiple systems interfaces aligning vulnerability scanning solutions with business strategies
- Lead a team that develops, refines and implements enterprise-wide vulnerability scanning and reporting strategies, policies and procedures across multiple platform and application environments.
- Proactively recommend, manage, and implement required changes to cyberrisk, security policies, procedures, and metrics.
- Review and facilitate approval of all policies related to vulnerability assessment and reporting.
- Participate in security planning and analyst activities.
- Collaborate with and across Abbott IT teams to ensure vulnerability scanning schedules and requirements are incorporated into business plans.
1-4 Direct Reports
Position Accountability / Scope
Reports to the Director Cybersecurity Operations. The scope of this position is Abbott wide and considers the information security implications unique to all Abbott divisions when developing operational strategies. May have direct budget responsibility.
- Bachelor's degree or higher in Information Security, Risk or IT Management, Computer Science, or related field
Minimum Experience/Training Required
- 3 years of related work experience with a strong focus in Vulnerability Management or equivalent combination of education and work experience.
- Experience with implementation and operational use of Qualys Vulnerability products or equivalent technologies.
- Possess CISSP, CISM, CISA certification (or similar) and be knowledgeable of national and international regulatory compliances and frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS.
- Requires strong analytical skills, business intelligence, effective communication, interpersonal skills, organizational intelligence, relationship management, the ability to make meaningful decisions based on sound judgment, and the ability to work effectively with a variety of roles from Executive Management to Security Analysts.