Job Description
Insight Global is looking for a remote Vulnerability Cyber Program Manager. The Vulnerability Management Program Manager is a senior technical role responsible for designing, driving, and maturing the enterprise vulnerability management lifecycle. This individual serves as the strategic and operational owner of vulnerability identification, prioritization, remediation tracking, and reporting across the organization's hybrid infrastructure environment.
Key Responsibilities
Program Strategy & Governance
• Own and mature the enterprise vulnerability management program, including policy, standards, procedures, and SLAs
• Define and maintain risk-based vulnerability prioritization frameworks (CVSS, EPSS, threat intelligence, asset criticality)
• Develop and enforce remediation SLAs aligned to risk tiers and regulatory requirements (HIPAA, PCI-DSS, NIST, etc.)
• Lead vulnerability management steering committee meetings and report program KPIs/KRIs to CISO and executive stakeholders
• Maintain program documentation, including remediation playbooks, escalation workflows, and exception management processes
• Manage and track remediation workflows and ticketing through Jira and ServiceNow, ensuring full lifecycle traceability
Technical Operations
• Oversee vulnerability scanning operations across on-premises, cloud (Azure/AWS/GCP), containers, and endpoints using Tenable
• Manage asset inventory and full attack surface visibility through Axonius as the centralized asset intelligence platform
• Drive external attack surface management programs leveraging Xpanse ASM to identify and reduce internet-exposed risk
• Operate CrowdStrike Exposure Management to correlate endpoint telemetry with vulnerability risk for prioritized remediation
• Partner with infrastructure, cloud, and application teams to ensure full asset coverage and scan fidelity
• Lead patch and endpoint vulnerability remediation workflows integrated with Ivanti Cloud for lifecycle management
• Drive correlation of vulnerability findings with threat intelligence to prioritize exploitable, in-the-wild risks
Remediation & Cross-functional Collaboration
• Partner with IT, DevOps, cloud engineering, and application security teams to drive timely remediation
• Facilitate exception and risk acceptance workflows with stakeholders, tracked in ServiceNow or Jira
• Coordinate with the SOC and Threat Intelligence teams to align vulnerability prioritization with active threat campaigns
• Drive DevSecOps integration to shift vulnerability discovery left into CI/CD pipelines
• Establish and track metrics for mean time to remediate (MTTR) by risk tier using Jira dashboards and ServiceNow reporting
Metrics, Reporting & Continuous Improvement
• Develop executive-level dashboards and operational metrics reports (weekly, monthly, quarterly)
• Leverage Axonius asset data and Tenable scan results to produce accurate, comprehensive risk reporting
• Define and track program maturity against frameworks such as CMMI, NIST CSF, or custom maturity models
• Conduct trend analysis on vulnerability backlogs and aging to identify systemic remediation gaps
• Lead continuous improvement initiatives to increase program efficiency, coverage, and risk reduction velocity
• Report compliance posture against regulatory and audit requirements
Compensation: $60/hr to $64/hr. Exact compensation may vary based on several factors, including skills, experience, and education. Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
Experience
• 7+ years in cybersecurity with at least 3 years in vulnerability management, security operations, or technical program management
• Demonstrated experience managing enterprise-scale vulnerability programs across hybrid environments (on-prem, cloud, containers, endpoints)
• Proven track record of cross-functional program management, driving remediation accountability across large, complex organizations
Technical Skills
• Hands-on experience with Tenable (Tenable.io / Tenable.sc) for enterprise vulnerability scanning and reporting
• Proficiency with Axonius as an asset intelligence and cyber asset attack surface management (CAASM) platform
• Experience operating CrowdStrike Exposure Management to surface and prioritize endpoint and identity risk
• Working knowledge of Xpanse ASM (Palo Alto) for external attack surface discovery and remediation
• Familiarity with Ivanti Cloud for patch management, endpoint compliance, and remediation automation
• Experience managing vulnerability and remediation workflows in Jira and ServiceNow
• Familiarity with CVSS scoring, EPSS, KEV (CISA Known Exploited Vulnerabilities), and risk-based prioritization
• Working knowledge
Nice to Have Skills & Experience
• Experience with regulated industries (healthcare, finance, or government) preferred
• CISSP, CISM, or equivalent security leadership certification
• Certified Vulnerability Assessor (CVA) or equivalent
• PMP or similar program management certification
• Cloud security certifications (CCSP, AWS Security Specialty, Azure Security Engineer) a plus
• Ability to build dashboards and reports (Power BI, Splunk, Excel/Python a plus)
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.