Manager, Vulnerability Management in Madison, Wisconsin

Job Summary

As the Manager of Vulnerability Management you will paly a key role in the success of the vulnerability and configuration management program by identifying security risks, prioritizing actions based on intelligence-driven processes, and proactively responding to emerging threats. This role will be the face of the program and will oversee a managed service provider that performs the day-to-day functions of the vulnerability and configuration management program.

Responsibilities:

• Provide oversight and direction to managed service provider to work on vulnerability and configuration scans, analysis, and reporting to support the organization.

• Develop strategy for a risk-based vulnerability management program for the organization.

• Collaborate closely with cross-functional teams to facilitate the timely remediation of vulnerabilities and misconfigurations, with a strong focus on effectiveness and risk management.

• Partner with Cyber Threat Intelligence, the Cybersecurity Incident Response team, and technology remediation groups to deliver shared outcomes that measurably improve our efficacy to detect and remediate vulnerabilities.

• Determine tools and resources needed to support the organization’s need to identify and prioritize vulnerability and configuration deficiencies.

• Establish organization secure configuration standards across operating systems, applications, and devices.

Ideal Candidates Will Have Experience:

• Managing a team or Managed Service Provider

• Vulnerability and configuration management within healthcare environment

• Using ServiceNow Vulnerability Response module

• Contributing or developing polices or standards

Salary:

The pay range for this position is $48.72/hour ($101,337/year) for those with entry-level qualifications up to $84.42/hour ($175,593/year) for those highly experienced. The specific rate will depend upon the successful candidate’s specific qualifications and prior experience.

BENEFITS

Our competitive benefits package includes the following

• Immediate eligibility for health and welfare benefits

• 401(k) savings plan with dollar-for-dollar match up to 5%

• Tuition Reimbursement

• PTO accrual beginning Day 1

Note: Benefits may vary based upon position type and/or level

Preferred Certifications:

• Certified Information Systems Professional (CISSP)

• Certified Information Security Manager (CISM)

• CompTIA Advanced Security Practitioner (CASP+)

Preferred Qualifications

• BS Degree in computer science, computer engineering, software engineering, cybersecurity or related technical degree

• or 5 years equivalent technology experience

• 5+ years’ experience in information security in an enterprise environment

• 3+ years’ experience assessing and implementing vulnerability management tools, vulnerability scan configurations, vulnerability reporting, and vulnerability remediation in an enterprise environment.

• Knowledge of common software, operating systems vulnerabilities, Unix/Lenux

• Strong experience with Vulnerability Management Platforms such as Tenable, Qualys, Rapid7, in a large corporate environment.

• Experience with Center for Internet Security (CIS) benchmarks for secure configurations.

• Understanding of cybersecurity organizational practices, operations risk management processes, architectural requirements, and vulnerability risk.

• Experience with controls or frameworks such as NIST 800-53, NIST CSF, CIS, MITRE ATT&CK

• Strong experience in reading and understanding vulnerability scans

• Experience creating and running authenticated and unauthenticated scans

• Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

• Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization

Minimum Qualifications

• EDUCATION – Bachelor’s or 4 years of work experience above the minimum qualification

• EXPERIENCE – 5 Years of Experience

As a health care system committed to improving the health of those we serve, we are asking our employees to model the same behaviours that we promote to our patients. As of January 1, 2012, Baylor Scott & White Health no longer hires individuals who use nicotine products. We are an equal opportunity employer committed to ensuring a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.