Remote, Full-time

CNA is hiring a Director of Vulnerability Management

About the Role

CNA is seeking a Director of Vulnerability Management to lead the transformation and acceleration of our Vulnerability Management program into a core information security strength. This leadership role combines 70% deep technical expertise with 30% strategic leadership, ensuring vulnerabilities across our global, hybrid environment are identified, prioritized, and remediated effectively.

What You'll Do

  • Lead and execute a comprehensive Vulnerability Management program throughout a global technology organization leveraging legacy and modern assets and applications located on-premises and in the cloud.
  • Own and operate the enterprise vulnerability management program, including vulnerability scanning, reporting, and remediation tracking.
  • Build and nurture strong partnerships with asset owners and managed service providers to drive vulnerability remediation, mitigate risk, and ensure secure asset configurations.
  • Oversee and technically validate the MSP’s delivery of vulnerability scanning and assessments using Tenable tools.
  • Be accountable for the vulnerability remediation process within CNA, which may include vulnerabilities discovered through scanning, ethical hacking, threat intelligence, and other sources.
  • Holistically own the secure configuration management process, working with various teams to develop secure technical specifications and continuously improve posture.
  • Develop enterprise policy, standards, plans, and strategy for vulnerability management and secure configuration in alignment with business and regulatory requirements.
  • Develop and present VM program metrics, KPIs, KRIs, and performance reporting to communicate risk and program effectiveness to governance and leadership.
  • Perform detailed analysis of vulnerability data to identify trends, recurring issues, and systemic weaknesses, and use this analysis to prioritize remediation efforts.
  • Identify, recommend, and prioritize appropriate measures to manage and remediate vulnerabilities to acceptable risk tolerances.
  • Partner with other teams to assess the potential risk and impact of vulnerabilities and recommend compensating security controls.
  • Mentor and develop a team of vulnerability management professionals, fostering a culture of continuous learning and operational excellence.
  • Be a champion for vulnerability management and information security, broadening awareness and education of security best practices.
  • Serve as primary point of contact and escalation for the MSP, holding them accountable to SLAs, quality standards, and performance metrics.
  • Communicate vulnerability risks, trends, and remediation progress to senior leadership, including executives and the Board, in clear business terms.
  • Partner with application and infrastructure owners to ensure remediation activities are prioritized and executed effectively.

What We're Looking For

  • 6+ years in a vulnerability management program, with expertise in assessing, prioritizing, and driving remediation activities.
  • Typically, a minimum of ten years’ related work experience in Information Technology.
  • Strong hands-on expertise with Tenable.sc, Tenable.io, or equivalent enterprise vulnerability scanning tools.
  • Proven track record of leading vulnerability management programs and teams with expert-level knowledge of security concepts and strategies.
  • Expert-level understanding of key vulnerability management and information security concepts, such as: risk, severity, exploitability, CVE, CVSS, asset management, and secure configuration management.
  • Hands-on experience with leading vulnerability management tools at enterprise scale and strong technical understanding assessing vulnerabilities in legacy and modern assets on-premises and in the cloud.
  • Solid understanding of operating systems (Windows, Linux, Unix), networking, cloud platforms (GCP, AWS, Azure), and common enterprise application stacks.
  • Strong understanding of enterprise, network, endpoint, and application-level security issues and risks.
  • Excellent written and verbal communication and interpersonal skills to work effectively with peers, leadership, and subordinates.
  • Strong analytical and project management skills.
  • Proven ability to effectively lead, manage, coach, and develop a team, including both direct leadership and cross-functional capabilities.
  • Proven experience managing MSP relationships, including SLA enforcement and technical oversight.
  • Experience interacting with auditors and regulators.
  • Experience and comfort working across evolving cloud and on-premises hybrid environments and technologies.
  • Self-starter with the ability to make independent data-driven decisions and the judgment to know when to seek guidance.
  • Ability to foster collaborative, open, working relationships with stakeholders.
  • Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.

Nice to Have

  • CISSP, CISM, PMP, Tenable or equivalent certifications.

Technical Stack

  • Vulnerability Management: Tenable.sc, Tenable.io
  • Cloud Platforms: GCP, AWS, Azure
  • Operating Systems: Windows, Linux, Unix

Team & Environment

You will lead an internal vulnerability management team consisting of FTEs and contractors. This leadership position reports to a senior-level leader, typically an AVP or above.

Benefits & Compensation

  • CNA offers a comprehensive and competitive benefits package to help our employees – and their family members – achieve their physical, financial, emotional and social wellbeing goals.
  • Compensation: $97,000 to $189,000 annually (national base pay range for specified states/jurisdictions).

Work Mode

This position is fully remote.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process.

Required Skills
Tenable.sc, Tenable.io, GCP, AWS, Azure, Windows, Linux, Unix, Vulnerability Management, Risk Management, Security Frameworks, Team Leadership, Project Management, Compliance, Scripting
About company
CNA

CNA is an insurance company focused on creating a culture that values employee potential and professional growth.

Job Details
Category management
Posted 7 months ago