Vulnerability Manager

Description:

The Vulnerability Manager will lead the IT Infrastructure Cybersecurity Operations team, overseeing the enterprise-wide vulnerability remediation program for CA-CIB's infrastructure environment. This role bridges the Information Security team and IT Infrastructure platform teams, ensuring timely remediation of vulnerabilities across servers, networks, databases, and virtualization infrastructure while maintaining executive visibility through regular reporting.

Key Responsibilities

Infrastructure Vulnerability Remediation Management

• Lead remediation efforts for vulnerabilities across IT Infrastructure domains.

• Track vulnerabilities from Tenable, penetration testing, security assessments, and threat intelligence feeds

• Monitor remediation progress against established SLA deadlines

• Engage proactively with Infrastructure, Network, Database, and Virtualization teams to ensure timely closure

• Maintain comprehensive dashboards and metrics on vulnerability remediation status

Stakeholder Management & Reporting

• Present monthly vulnerability management reports to IT Infrastructure Management Steering Committee and CISO office

• Provide executive insights on remediation trends, infrastructure risk exposure, and program effectiveness

• Escalate critical infrastructure vulnerabilities to CTO, Infrastructure Directors, and Risk Management

Technical Guidance & Infrastructure Support

• Provide expert guidance on remediation strategies, patching approaches, and configuration hardening

• Troubleshoot complex remediation scenarios involving legacy systems, business-critical infrastructure, or technical dependencies

• Recommend best practices for infrastructure vulnerability mitigation aligned with banking industry standards

• Advice on patch management strategies balancing security requirements with infrastructure stability

Risk Acceptance & Control Validation

• Review and validate risk acceptance requests when immediate remediation is not feasible due to business criticality, legacy constraints, vendor limitations, or complex dependencies

• Assess adequacy of proposed compensating controls (network segmentation, access controls, monitoring)

• Guide teams in developing robust compensating controls that effectively reduce risk exposure

• Ensure risk acceptance documentation meets CA-CIB governance, regulatory, and compliance requirements.