Job Description
This role is a senior, hands-on Vulnerability & Risk Management Manager responsible for leading and maturing the enterprise vulnerability management and risk reduction program across infrastructure, cloud, and applications. Day to day, this person will own the full vulnerability management lifecycle — scanning, ingestion, normalization, prioritization, remediation tracking, and reporting — while transitioning the program from volume-based CVE tracking to risk-based prioritization aligned with business impact and exploitability. They will establish and enforce SLAs by severity and asset criticality, correlate vulnerability data with threat intelligence (active exploitation, CISA KEVs), asset exposure, and business impact, and lead risk acceptance and exception processes with proper documentation. A major part of the role is driving remediation at scale by working cross-functionally with infrastructure, endpoint, cloud/platform, application, and incident response teams to remove blockers and improve cycle time. This individual will also build out the program's SOPs, reporting frameworks, KPIs (MTTR, SLA adherence, risk reduction trends), and dashboards, while acting as the central coordinator for vulnerability-related risk reporting to leadership — translating technical findings into clear business risk statements for stakeholders. They'll support audit and compliance requirements (e.g., J-SOX, internal audits), evaluate and optimize tooling (Tenable, Qualys, Defender, etc.), and partner with security architecture and engineering to drive systemic fixes beyond just patching.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
8–12+ years in cybersecurity with strong emphasis on vulnerability management and risk governance
Experience standing up or maturing a vulnerability management program at scale
Strong understanding of vulnerability scanning methodologies and tooling, CVE/CVSS scoring (including its limitations), and contextual risk scoring beyond CVSS
Proficiency with operating systems, networking, and cloud architectures (AWS/Azure/GCP)
Ability to analyze vulnerability data at scale, identify false positives/duplicates, and prioritize realistically based on environment and exposure
Experience integrating data from multiple security tools into a cohesive risk view (asset inventory/CMDB, patch management, CSPM/CNAPP, application security pipelines)
Strong cross-functional collaboration skills — ability to drive accountability across IT and engineering teams without friction
Executive-level communication skills — able to deliver risk-focused summaries for leadership and detailed technical reporting for remediation teams
Experience with risk management and governance — risk acceptance processes, exception tracking, audit/compliance documentation, and enterprise risk register input
Nice to Have Skills & Experience
CISSP, CRISC, or CISM certification
GIAC certifications (e.g., GMON, GPEN — not required but helpful for context)
Cloud/security platform certifications (AWS, Azure)
Familiarity with application security concepts
Experience building dashboards and reporting that clearly show risk posture, trends over time, and areas requiring leadership attention
Experience establishing training and guidance for IT and engineering teams to improve remediation quality
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.