Vulnerability Management Exposure Management Lead

Job Description

We are looking for a skilled professional with 8 to 13 years of experience to lead our Vulnerability Discovery team, responsible for revolutionizing the way we identify and mitigate digital risks. The ideal candidate will have a strong background in vulnerability management, red teaming, or purple teaming, with expertise in automating vulnerability discovery and developing risk-based metrics to enhance EY’s digital defenses. ### Roles and Responsibility Spearhead the evaluation and management of the firm's digital exposure, identifying and mitigating risks stemming from misconfigurations, vulnerabilities, and mismanaged assets. Collaborate closely with various departments to develop comprehensive strategies to protect EY's digital assets. Develop and implement innovative solutions to complex security challenges, leveraging deep technical expertise. Manage third-party risk assessments and identify assets that fail to meet stringent EY security standards. Monitor emerging threats in the digital landscape and advise on proactive measures to safeguard the firm against potential security breaches. Lead the development of a comprehensive strategy to identify and manage the risk of the firm’s digital footprint. ### Job Requirements Minimum 8 years of experience in vulnerability management, red teaming, or purple teaming. Strong understanding of cloud services, network security, and data protection principles. Expert knowledge of offensive security principles and experience in automating vulnerability discovery. Ability to develop performance metrics and risk-based assessments of digital exposure. Excellent analytical and problem-solving skills, with the ability to translate complex technical issues into clear business impacts. Demonstrated experience in managing third-party risk assessments and vendor relationships. Exceptional communication and interpersonal skills, with leadership experience and the ability to manage and develop a high-performing team. Ability to evaluate and prioritize competing priorities from varying stakeholders. OWASP training is a plus. Incident response experience is a plus.