Request Technology - Craig Johnson
Oakland, California
25/06/2025
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Manager of Cyber Security Risk and Vulnerabilities. Candidate will be responsible for developing and leading a high-performing team focused on vulnerability management, including vulnerability discovery, risk-based prioritization, and enterprise remediation coordination. This role oversees the design, delivery, and continuous improvement of services that reduce technology risk through scalable vulnerability identification and tracking processes, platform ownership, and stakeholder collaboration. The successful candidate will build strong relationships with key enterprise partners - including architecture, engineering, infrastructure, and application teams - to ensure vulnerabilities are understood, prioritized appropriately, and addressed in alignment with business risk tolerance. Through technical expertise and operational leadership, the manager will advance the maturity of the organization's vulnerability management program and its integration with broader cyber risk functions. The ideal candidate will balance strong technical fluency with people leadership, operational execution, and the ability to inspire a high-performing team in a dynamic cybersecurity landscape. Responsibilities: Leads, coaches, and develops a team of engineers responsible for vulnerability discovery, assessment, risk-based prioritization, and remediation tracking across cloud, on-premises, and hybrid environments Envisions, defines, designs, builds, staffs, and delivers vulnerability management processes and capabilities Leads and supports the planning and execution of team goals and projects, including setting long-term strategy and making decisions about tools, technology, and staffing needs Partners closely with stakeholders across technology, including architecture, engineering, infrastructure, application development, and cyber risk management teams to facilitate vulnerability communications, support remediation activities, and provide continuous reporting. Collaborates with enterprise risk, compliance, and threat intelligence teams to ensure vulnerability management aligns with the organization's overall risk management strategy. Ensures all project deliverables meet high standards for accuracy, completeness, and impact, and are delivered on time to support team and organizational objectives Represents the vulnerability management program to senior leadership, delivering concise, risk-informed insights and recommendations Manages program metrics, reporting, and performance indicators to demonstrate business value, operational maturity, and continuous improvement Supports the organization's processes/methodologies, structure, culture, skills/experience, process support tools, knowledge resources, and other components Contributes to team culture by modelling integrity, inclusivity, accountability, and collaboration This list is not all-inclusive and you are expected to perform other duties as requested or assigned Qualifications: 8+ experience years with a Bachelor's degree; strong hands-on Supervisory/Management experience Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred Proven experience managing enterprise-scale vulnerability management programs and tools Proven expertise in developing, mentoring, and retaining high-performing teams while fostering a mindful, inclusive, and trust-based team culture Strong ability to build trust, partnerships, and mutual support across many diverse teams Excellent communication and presentation skills, with the ability to convey technical concepts to diverse audiences and a strong emphasis on listening and understanding stakeholder needs Proven record of complex and creative problem-solving, and the desire to build, influence, and improve systems, programs, and processes Demonstrated background in strategic planning, service/program development, capability assessment, and building strong narratives to drive decision-making and create change Ability to understand how individual and team efforts align with broader organizational objectives, and to make decisions with enterprise-wide impact in mind Strong commitment to craftsmanship, with a focus on quality, accuracy, and clarity of work Technical & Domain Expertise: Deep understanding of risk-based vulnerability management. Knowledge of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques Proficiency in selecting, implementing, and managing vulnerability scanning tools (eg, SAST, SCA, IAST, DAST, Network/Infrastructure, Cloud, etc.) across the technology stack Experience designing and implementing automation for vulnerability management processes using generative AI, agent-based systems, large language models (LLMs), or machine learning to improve efficiency, effectiveness, and scalability Skilled in analysing business and technical requirements and translating them into effective solutions, technical plans, roadmaps, budgets, and proposals that support cyber program growth and align with cyber and organizational goals Commitment to continuous learning with the ability to research and enhance technical and domain-specific knowledge to support rapidly changing environments Skilled in coordinating multiple concurrent projects with a clear understanding of the project life cycle, prioritization frameworks, and delivery expectations