Director of Vulnerability Management and InfoSe...

How would you like to work in a place where your contributions and ideas are valued? A place where you can serve with compassion, pursue excellence and honor every voice? At Wellstar, our mission is simple, yet powerful: to enhance the health and well-being of every person we serve. We are proud to have become a shining example of what's possible when the brightest professionals dedicate themselves to making a difference in the healthcare industry, and in people's lives.

Work Shift

Job Summary:

As the Director of Vulnerability Management and InfoSec Technology, you will manage and direct processes vulnerability management strategy across the enterprise at a global level as well as manage the tools and technology leverage by the Information Security team. This includes all of the strategy, the policies, as well as scanning and monitoring. Additionally, you will be responsible for risk posture, tracking remediation and patch management.

Responsibilities:

• Develop and execute a comprehensive vulnerability management strategy aligned with organizational cybersecurity objectives and risk tolerance.
• Create policies, procedures, and standards related to Information Security
• Oversee day-to-day operations of Vulnerability Management capabilities, managing escalations, collaborating with tools and vulnerability management remediation teams.
• Prioritize vulnerability and penetration test remediation based on severity ratings and business criticality.
• Proactively identify and communicate areas of concentrated risk and provide actionable security guidance to teams throughout the organization.
• Update and refine platform-defined vulnerability impact ratings to ensure accurate prioritization of risks.
• Support continuous improvement activities by assessing mitigation and detection capabilities, establishing repeatable testing processes, and monitoring remediation progress.
• Conduct focused technical analyses, including Network Mapping, Asset Discovery, and Vulnerability Scanning, and in support of the program, managing patch releases and control uplift projects encompassing architecture and engineering tasks.
• Conduct platform, data, performance, and software engineering assessments following the Common Vulnerability Scoring System (CVSS) and MITRE ATT&CK frameworks.
• Integrate the vulnerability management program with the larger security operations organization including incident response, threat intelligence, and penetration testing initiatives to gain a holistic view of actively exploited threats and internal vulnerabilities. Work collectively to inform and drive security uplift strategy.

Core Responsibilities and Essential Functions:

• Develop and execute a comprehensive vulnerability management strategy aligned with organizational cybersecurity objectives and risk tolerance.
• Review and develop technical strategy for supporting technology for Information Security to include Vulnerability Management reporting, Cloud Posture Security Management, Metrics and Reporting platforms, Application Security platforms, and others as the need or risk is identified
• Oversee day-to-day operations of Vulnerability Management capabilities, managing escalations, collaborating with tools and vulnerability management remediation teams
• Prioritize vulnerability and penetration test remediation based on severity ratings and business criticality. This would include communicating with technology owners to understand importance or remediation and arbitration of time lines
• Develop and communicate metrics for Information Security to leadership and explanation of metrics
• Manage direct reports and supporting team members (more than 10 total)
• Performs other duties as assigned
• Complies with all Wellstar Health System policies, standards of work, and code of conduct.

Required Minimum Education:

• High School Diploma General
• Bachelors Computer Science or Bachelors Other

Required Minimum License(s) and Certification(s):All certifications are required upon hire unless otherwise stated.

Required Minimum Experience:

• Minimum 3 years Managing Information Security teams Required

• Minimum 6 years Vulnerability Management Operations Required

Required Minimum Skills:

• Excellent written and oral communication skills.
• In-depth knowledge of information security concepts and methodologies
• Strong analytical and problem-solving skills
• Must have the ability to influence others to work collaboratively to achieve results.
• Advanced organizational, planning and time management skills
• In-depth knowledge of risk management methodologies and approach