Vulnerability Management Exposure Management Lead

Job Description

The Exposure Assessment Lead within Vulnerability Management will spearhead the evaluation and management of the firms digital exposure, identifying and mitigating risks stemming from misconfigurations, vulnerabilities, and mismanaged assets. The candidate will play a crucial role in managing third-party risk assessments and identifying assets failing to meet stringent EY security standards. Collaborating closely with various departments, the lead will enhance digital risk management practices and develop comprehensive strategies to protect EYs digital assets. Additionally, you will monitor emerging threats in the digital landscape, advising on proactive measures to safeguard the firm against potential security breaches. Skills and attributes for success Strong written communication skills Analytical background Strategic planning experience Demonstrated ability to distil complex, technical data into clear, concise explanations Interest in developing creative solutions to complex issues Ability to handle high volume requests Collaborative mindset Efficient research methodologies To qualify for the role you must have A minimum of 8 years of experience in vulnerability management, red team, or purple team Strong understanding of cloud services, network security, and data protection principles Expert knowledge of offensive security principles Experience in automating vulnerability discovery An understanding and clear ability to develop performance metrics and risk-based assessment of digital exposure Excellent analytical and problem-solving skills, with the ability to translate complex technical issues into clear business impacts Demonstrated experience in managing third-party risk assessments and vendor relationships Exceptional communication and interpersonal skills Experience developing team and program performance metrics Leadership experience with the ability to manage and develop a high-performing team Ability to evaluate and prioritize competing priorities from varying stakeholders Ideally, you ll also have OWASP training Incident response experience