Head of Vulnerability Management and Security Testing - FTC

Willis Towers Watson,
Reigate, Surrey
Job Type: Full-time

Overview

Summary of Role

The Head of Vulnerability Management & Security Testing is responsible for the global provision of two closely related services: vulnerability management and security testing. This includes directly leading the teams, creating the processes, and managing the technologies and third parties that make up these services. The role reports to the Director of Cyber Defence & Security Operations and is a key and visible role in the leadership team of the Cyber function.

The role works closely with the rest of the Cyber Leadership Team (e.g. Threat Intelligence), the wider Information & Cyber Security function, and leaders in operational IT teams to ensure accurate detection and the prioritised, timely and appropriate resolution of security vulnerabilities. The role holder will also work closely with stakeholders from across the business to ensure that vulnerabilities are appropriately escalated, communicated and resolved, and that threats are understood and mitigated.

We are looking for a collaborative team player with deep technical knowledge and the ability to lead others. The successful candidate will be able to shape and mature security services in a large multinational organisation. They will contribute to and work as part of a global, multi-disciplined security community with clear vision and direction and top-down support across the business. They will help the wider community foster a culture which is both security aware and a great place to come to work.

The Role

Responsibilities:

o Create, maintain and execute appropriate vulnerability management processes to enable timely detection, risk-based prioritisation, and co-ordinated remediation of security vulnerabilities.
o Produce consumable, relevant and actionable reporting demonstrating security posture and the risk posed by vulnerabilities.
o Manage planning and execution of corporate penetration testing.
o Work with other security teams such as the Global SOC and Threat Intelligence to identify elevated risks and recurring patterns, and propose strategic actions to reduce risk.
o Provide clear, concise and easily consumable communication to key technical and non-technical stakeholders so that vulnerabilities are understood and appropriately addressed.
o Develop and maintain a Continuous Security pipeline to ensure applications and infrastructure are secure through all stages of the SDLC without slowing down the pace of the business.
o Build, lead and support teams of security experts specialised in vulnerability management, penetration testing, and software development security.
o Manage relationships with third-party penetration testing service providers and vulnerability management vendors to ensure quality, effective and efficient services and technologies can be consumed by the business.
o Measure and report the maturity, effectiveness and efficiency of the Vulnerability Management and Security Testing services.
o Understand the elements involved in exception requests and their importance: data sensitivity assessment, control implementation and maintenance plan, and assessment of the legal, compliance, reputational and operational risks associated with the exception.
o Ensure accurate and clear communication with all stakeholders.
o Provide appropriate MI (management information) to key stakeholders.
The Requirements

Demonstrable track record of:

o Leading mature cyber security activities, including vulnerability management, in a multinational organisation
o Scoping and managing penetration testing activities
o Building and leading effective security teams

Excellent technical expertise in:

o Application and infrastructure security principles
o Frameworks and methodologies such as CVSS, CIS Benchmarks, OWASP
o Secure software development methodologies
o Threat modelling and operational risk management
o Relevant technical solutions such as vulnerability management tooling

Beneficial qualifications include:

o CISSP
o CISM
o SANS GEVA
o CISA

Equal Opportunity Employer