Threat and Vulnerability Manager - Luton

IT/Information/Cyber Security
Ref: 49 Date Posted: Monday 11 Nov 2019
LinkedIn ShareShare


Reports to: Head of Security Operations
Salary: £61,000 - £84,000

The Role

The threat and vulnerability manager is responsible for protecting our organisation's information and information systems from both loss and compromise through the delivery and effective management of threat intelligence and vulnerability management systems.

• Accountable for the management of threat intelligence and vulnerability management system capabilities
• Responsible for ensuring that clear strategies, processes, procedures and guidelines are in place for threat intelligence and vulnerability management, aligned to relevant security policies and standards
• Produce and disseminate threat and vulnerability management Information, including preparation of reporting material for periodic security groups
• Identify requirements and drive improvements to the vulnerability management standard, processes and tooling
• Identify vulnerabilities using scanning tools, third party and security testing reports
• Lead the investigation into vulnerabilities, advise on mitigation, root cause analysis and service improvements
• Direct IT teams and third parties to address timely remediation of identified vulnerabilities
• Responsible for ensuring that vulnerability reports are completed and any vulnerabilities addressed against compliance and regulatory requirements
• Provide IT teams with vulnerability focused technical support, training and consultancy to ensure compliance with security polices, standards, compliance and regulation
• Monitor security threats and known vulnerabilities to ensure that appropriate operational security controls are working effectively
• Organise and chair vulnerability management review boards
• Work with IT Change Management and third parties to ensure smooth running of vulnerability systems
• Act as a trusted threat and vulnerability management specialist and become the ‘Go To’ person within IT
• Introduce new controls through the process of continuous improvement
• Develop and operate processes and procedures that counteract potential threats and vulnerabilities, Introducing new controls through the process of continuous improvement


• Ownership and Delivery. Has a clear focus to deliver results, working to targets, reviewing progress and adapting their plans accordingly, motivating themselves/the team to achieve.
• Business Performance. Understands business and external environment, is cost conscious and understands the longer-term perspective and implications of decisions.
• Innovation and Change. Is open to new ways of doing things and questions existing approaches, views change as an opportunity, comfortable working in a dynamic and ambiguous environment.
• Building Relationships. Expresses ideas confidently and clearly, builds positive and constructive relationships with others, gets to know colleagues within their own team and supports them to ensure team goals are achieved.  

Requirements of the Role

• The jobholder must have a thorough understanding of the Information security threat landscape, significant risks, technical developments and directions.  
• Strong interpersonal and management skills are essential, as the jobholder must be able to lead a team and operate effectively at all levels within and outside of the organisation.
• Depth of experience in IT Technical Security, including time as a security senior practitioner
• Experience of managing a managed security service provider
• Experience of using threat intelligence systems and services
• Experience of vulnerability management
• Demonstrable experience in the identification and implementation of information security technical controls to mitigate vulnerabilities
• Excellent written and oral communication skills
• Ability to present ideas in ‘non-technical’ business-friendly accessible language
• Ability to effectively prioritise and execute tasks in a high-pressure environment

One or more of the following qualifications are highly desirable.

• Masters in Information Security (MSc)
• Certified Information Systems Security Professional (CISSP)
• Vendor technology certifications specific to threat intelligence, vulnerability management, network security, host security and application security