Vulnerability Management Lead
Contract Length: 12 Months
Location: UK (Remote/Hybrid Options Available)
About the Organisation:
A key government function is seeking a Vulnerability Management Lead to join a specialist security team dedicated to protecting public sector digital infrastructure. This team plays a vital role in safeguarding domain name spaces and associated digital services, ensuring their stability, trustworthiness, and resilience against cyber threats.
Role Overview:
In this position, you will enhance the team's capability to assess and manage vulnerabilities in infrastructure, tools, and services widely used across the public sector. You will work closely with stakeholders to provide risk-based security guidance, improve vulnerability management processes, and contribute to the overall reduction of cyber risk.
Key Responsibilities:
- Expand the team’s expertise beyond domain-related vulnerabilities to cover broader infrastructure security risks.
- Classify and triage vulnerabilities at scale, ensuring effective prioritization.
- Assist public sector bodies in assessing and responding to vulnerability reports.
- Guide organisations in implementing risk-based approaches to vulnerability management.
- Proactively leverage threat intelligence to inform strategic mitigation efforts.
- Develop written guidance and best practices to support stakeholders in resolving security issues.
- Build strong relationships across the public sector to accelerate vulnerability remediation.
- Identify common security challenges and propose scalable solutions.
- Work alongside cross-government cyber security teams to enhance operational security measures.
- Expert understanding of security risks and advantages of commodity products and technologies.
- Strong knowledge of current cyber security threats, risks, and mitigation strategies.
- Experience in performing risk assessments and vulnerability assessments.
- Ability to develop security guidelines and mitigation strategies aligned with business risks.
- Proficiency in specifying and deploying security controls, aligning with industry best practices.
- Good understanding of cyber security products, services, and cloud computing architectures.
- Ability to communicate security concepts effectively to both technical and non-technical audiences.
- Certified Cyber Professional (CCP)
- Certified Information Systems Security Professional (CISSP)
- ISO27001 Lead Implementer or similar industry certifications