Manager Vulnerability Management & Risk Governance

Who we are

At Kenvue, we realize the extraordinary power of everyday care. Built on over a century of heritage and rooted in science, were the house of iconic brands - including Neutrogena, Aveeno, Tylenol, Listerine, Johnsons and BAND-AID Brand Adhesive Bandages that you already know and love. Science is our passion; care is our talent. Our global team is made up of ~ 22,000 diverse and brilliant people, passionate about insights, innovation and committed to delivering the best products to our customers. With expertise and empathy, being a Kenvuer means having the power to impact the life of millions of people every day. We put people first, care fiercely, earn trust with science and solve with courage and have brilliant opportunities waiting for you! Join us in shaping our future–and yours.

What You Will Do

Kenvue is hiring a Manager – Vulnerability Management & Risk Governance .

As the Manager of Vulnerability Management and Risk Governance, you will lead the strategic and operational execution of Kenvue’s cybersecurity risk and vulnerability programs across cloud and endpoint environments. This role is pivotal in ensuring alignment with enterprise security policies and industry frameworks, while driving measurable improvements in risk posture.

Key Responsibilities

• Define and lead the vulnerability management (VM) strategy, standards, and operating model. Ensure continuous discovery and coverage across governed assets.
• Ensure adherence to the Vulnerability Management Policy and relevant NIST cybersecurity controls. Maintain alignment with frameworks such as NIST, MITRE, ISO 27005/31000, etc.
• Manage and optimize tools such as Wiz and Microsoft Defender to support the full vulnerability lifecycle—discovery, prioritization, remediation, and reporting.
• Lead the cyber risk governance cadence including steering committees, working groups, RACI matrices, and decision logs. Maintain an up-to-date risk register with clear ownership, prioritization, treatment plans, and timelines.
• Establish and operationalize risk management policies, govern risk data quality, and oversee exception handling processes.
• Translate technical risk posture into business-relevant insights. Define and report on key risk indicators (KRIs), quantify residual risk, and deliver periodic briefings to leadership and audit stakeholders.
• Triage and prioritize vulnerabilities based on business impact and likelihood. Maintain a unified backlog and drive remediation efforts in collaboration with product, infrastructure, and application teams.
• Develop and refine dashboards to measure program effectiveness. Track KPIs, SLAs, and identify roadblocks to drive continuous improvement.
• Lead a team of analysts and engineers, ensuring accountability for remediation SLAs. Partner cross-functionally with Enterprise Architecture, Cloud, Platform, AppSec, IT Operations, and Compliance teams to embed risk-informed decisions into strategic roadmaps.

What we are looking for

• Minimum 10-15 years of experience in cybersecurity, with a strong focus on vulnerability management and risk governance.
• Proven ability to lead cross-functional initiatives and engage stakeholders effectively.
• Hands-on experience with enterprise-grade tools such as Wiz and Microsoft Defender across cloud and endpoint environments.
• Deep understanding of cybersecurity frameworks including NIST, MITRE, ISO, and FAIR, and their practical application in policy and metrics.
• Experience integrating risk workflows with enterprise risk systems and maintaining high-quality risk registers.
• Strong communication skills—both written and verbal—with the ability to convey technical concepts to non-technical audiences.
• Relevant certifications such as Azure Security Engineer/Architect, CCSP, CISM, CRISC, or CISSP.

What’s In It For You

• Competitive Benefit Package
• Paid Company Holidays, Paid Vacation, Volunteer Time, Summer Fridays & More!
• Learning & Development Opportunities
• Employee Resource Groups
• This list could vary based on location/region

Kenvue is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender