
Vulnerability Program Manager (Remote)

Overview
Job Description
At Businessolver you have opportunities for individual development through our common language: Respond Readily. Trust through transparency. Assume positive intent. Be real. Live a growth attitude. Embrace the reverse golden rule.
The Vulnerability Program Manager is responsible for developing, implementing, and managing the organization's vulnerability management program. This role ensures timely identification, assessment, prioritization, and remediation of security vulnerabilities across enterprise systems, applications, and infrastructure. The position collaborates with cross-functional teams to drive continuous improvement in the organization's security posture and compliance with regulatory requirements.
The Gig:
- Lead the design, implementation, and continuous improvement of the enterprise vulnerability management program.
- Oversee vulnerability scanning, assessment, and reporting processes for all critical assets.
- Collaborate with IT, DevOps, and application teams to prioritize and track remediation efforts.
- Develop and deliver metrics, dashboards, and executive reports on vulnerability status and risk trends.
- Ensure compliance with internal policies, industry standards, and regulatory requirements related to vulnerability management.
- Coordinate vulnerability disclosure and response activities, including communication with external vendors and stakeholders.
- Provide guidance, training, and awareness to technical teams on vulnerability management best practices.
- Perform other duties as assigned.
- Comply with all policies and standards.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 5+ years of experience in information security, with at least 2 years dedicated to vulnerability management.
- Proficiency with industry-standard vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7) and remediation tracking platforms. Must be able to configure, schedule, and interpret scan results, and oversee the lifecycle of vulnerability remediation.
- Demonstrated expertise in applying security frameworks and industry standards such as NIST Cybersecurity Framework, ISO/IEC 27001, CIS Controls, and PCI DSS. Experience implementing and maintaining controls in accordance with regulatory requirements and industry benchmarks.
- Familiarity with vulnerability management best practices, including risk prioritization, patch management processes, threat intelligence integration, and continuous improvement methodologies. Ability to design and refine processes for vulnerability identification, assessment, and mitigation across enterprise environments.
- Relevant certifications preferred, such as CISSP, CISM, OSCP, GIAC, or equivalent credentials that validate proficiency in security practices and vulnerability management.
- Excellent communication, analytical, and project management skills. Proven ability to clearly articulate technical risk and remediation strategies to both technical and non-technical audiences, including executives and cross-functional teams.
- Experience collaborating with cross-functional teams (e.g., IT, DevOps, Application Development, Compliance, and Legal) to ensure coordinated vulnerability management efforts. Ability to lead meetings, drive consensus, and facilitate information sharing to maintain compliance with internal and external requirements.
- Demonstrated responsibility for monitoring, maintaining, and reporting on vulnerability management metrics and compliance status. Must proactively engage stakeholders to ensure ongoing adherence to organizational policies, standards, and regulatory obligations.
Leadership Responsibilities:
Indirect reports: As required for cross-functional initiatives
May manage contractors, consultants, or vendor representatives
Leadership responsibilities may include:
- Interview prospective employees
- Train employees
- Assign work and guide employees
The pay range for this position is $92K to $144K per year (pay to be determined by the applicant's education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data).
This role is eligible to participate in the annual bonus incentive plan.
Interested? Great, we look forward to reviewing your application.
