My client, a prestigious Insurance company, based in London, are looking for a Head of Cyber Threat Exposure to join their growing team. This is effectively Head of Vulnerability Management/Pentesting. In this role you will have 20 direct reports and this position is effectively remote (you may need to go into their offices 1/2 per month).
Unfortunately this job does NOT offer sponsorship.
About the Head of Cyber Threat Exposure:
The Head of Cyber Threat Exposure reports to the Director of Cyber Defense and plays a crucial role in all aspects of vulnerability management and offensive activities across my client to manage business exposure to cyber threats. The purpose of this role is to provide threat-led cyber security leadership, subject matter expertise, oversight, E2E process design and implementation, and coordination of vulnerability management and offensive security services such as penetration testing, assumed breach testing, attack and social engineering simulations, red and purple teaming across all technology in BGIUK.
The role holder is responsible for leading a team of technical security experts to drive a continuous ecosystem for managing vulnerabilities and offensive security to limit my client's exposure from both strategic and tactical threats. The role holder will work in conjunction with the CISO and Technology Leadership Teams and be responsible for the design, implementation, continuous improvement and evolution of the processes and services for threat-led vulnerability management and offensive security across my client and its Business Units. The role and team will provide comprehensive dashboarding and reporting capabilities leveraging threat intelligence and proactively identify, prioritise, and remediate vulnerabilities and threat exposures in line with applicable policies, directives, controls, standards and SLAs.
Accountabilities and Responsibilities
This role is accountable for:
- Leading and directing the Cyber Threat Exposure team with responsibility for managing and remediating security-related threats – supporting the Director of Cyber Technology in the definition and implementation of vulnerability management and offensive security strategies and technology roadmap.
- Developing, implementing, and scheduling a vulnerability management program which includes regular vulnerability scanning, assessment, prioritisation, and remediation activities, with clearly defined management ownership.
- Developing and maintaining vulnerability management processes, procedures, and tools to ensure timely identification, assessment, and remediation of vulnerabilities. Providing guidance on root cause and managing the full lifecycle of reported vulnerabilities through to closure.
- Overseeing and coordinating security testing activities (such as penetration testing, assumed breach testing, red and purple teaming) across my client's systems, networks, applications and third parties to identify security weaknesses and exposures, including overseeing services provided by external providers.
- Collaborating with the Group CISO function and cross-functional teams across my client including the wider CISO teams, senior technology leadership, technology teams, architecture, cloud, security operations and Group and UK threat intelligence teams to coordinate successful vulnerability remediation efforts and track progress towards resolution.
- Providing guidance on remediation strategies, security best practices, and risk mitigation measures, ensuring alignment with organisational goals.
- Leading on the capability to execute attack and social engineering simulations using industry best practice techniques and tools.
- Preparing and presenting vulnerability assessment reports, security testing results, and recommendations to senior management and other stakeholders, ensuring reports are appropriate for the relevant audience (e.g., technical or senior leadership).
- Defining performance metrics and continuously monitoring and evaluating the effectiveness of cyber threat exposure management controls and processes and identifying opportunities for improvement.
- Providing a thoughtful approach to risk management and controls simplification with measurable, data-driven outcomes, ensuring all appropriate exceptions, issue or risk processes are strictly adhered to.
If this role is for you, please apply to this job advertisement or call me on 0207 509 8040 to find out more.
Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates