[Hiring] Manager, Enterprise Vulnerability Management @Hyland

Role Description

The Manager, Enterprise Vulnerability Management is responsible for the strategy, design, implementation, and continuous improvement of the enterprise-wide vulnerability management program. This role drives risk-based prioritization, remediation, and maturity of vulnerability processes across cloud, on-premises, containers, applications, endpoints, and infrastructure. This leader will manage a team of analysts and partner with security engineering, product, and leadership teams to reduce organizational risk from vulnerabilities while enabling secure and reliable operations.

• Define, evolve, and execute the team-level and program execution strategy for enterprise vulnerability management aligned with business objectives (e.g., SOC 2, ISO 27001), including metrics, dashboards, and continuous improvement initiatives.
• Oversee the end-to-end vulnerability management lifecycle including discovery, assessment, risk-based prioritization, remediation/mitigation, and verification using frameworks that combine technical severity with business impact.
• Partner with engineering, IT, AppSec, and cloud teams to triage vulnerabilities from scanners, penetration tests, and bug bounties — removing blockers and ensuring accountability for remediation.
• Build, document, and optimize processes for asset management, scanning, reporting, and tracking while identifying and driving automation opportunities to scale the program.
• Provide executive-level reporting on program effectiveness, risk posture, trends, and key metrics, ensuring alignment with internal policies, industry standards, and audit requirements.
• Lead, develop, and mentor a team of vulnerability management analysts, fostering accountability, personal growth, and a culture of continuous improvement.

Qualifications

• Bachelor's degree in computer science, information security, or equivalent experience, with 8+ years in information security and at least 3 years focused on vulnerability management.
• Proven track record building, scaling, or leading a vulnerability management program in a large, complex environment (multi-cloud, global, or high-scale tech/SaaS preferred).
• Deep knowledge of vulnerability management tools and strong understanding of asset discovery, scanning methodologies, cloud security (AWS, Azure, GCP), containers, and modern infrastructure.
• Knowledge of relevant frameworks: NIST, FedRAMP, CIS, OWASP, ISO 27001.
• Excellent program management, leadership, and communication skills with the ability to drive complex cross-functional initiatives with measurable outcomes.
• Willingness to travel up to 5% as required.

Requirements

• Relevant certifications: CISSP, CISM, CRISC, GIAC, CCSP, or vendor-specific.
• Experience with automation/scripting and integration with DevOps pipelines (e.g., CI/CD, ticketing systems, or orchestration tools).
• Demonstrated fiscal responsibility and accountability in managing budgets.
• Superior ability to coach, mentor, and develop team members and identify future leaders.
• Strong business and technology acumen with the ability to engage and present effectively at the executive level.

Benefits

• The salary range for this role is $153,000 – $172,000. The listed salary range represents a good faith estimate at the time of posting. The listed range may be adjusted in the future based on business needs. Actual compensation will be based on job-related factors including, but not limited to, qualifications, skills, and experience.