Position Summary
The Head of Threat and Vulnerability Management will lead the organizations efforts to identify, assess, and mitigate security threats and vulnerabilities. This role will be responsible for overseeing internal and external penetration testing (PT), red teaming exercises, vulnerability management, system hardening, and application and API security. The ideal candidate will have a strong technical background, leadership experience, and a strategic vision for improving the organization s security posture.

Key
1. Leadership and Strategy
Develop and implement a comprehensive threat and vulnerability management strategy.
Lead and manage a team of security professionals, providing guidance, mentorship, and performance evaluations.
Collaborate with other departments to integrate security best practices into all business processes.

2. Penetration Testing and Red Teaming
Plan, execute, and oversee internal and external penetration tests and red team exercises.
Identify vulnerabilities and weaknesses in systems, networks, and applications.
Develop and present detailed reports on findings, including risk assessments and recommendations for remediation.

3. Vulnerability Management
Establish and maintain a robust vulnerability management program.
Identify and reconcile the scope of vulnerability assessment
Conduct regular vulnerability assessments and scans.
Track and prioritize vulnerabilities for remediation based on risk and impact.
Work with IT and development teams to ensure timely and effective vulnerability remediation.
Ensure 100% coverage of assets for vulnerability assessment

4. System Hardening
Develop and implement system hardening guidelines and best practices.
Ensure all systems are configured securely and in compliance with industry standards and regulatory requirements.
Conduct regular audits to verify compliance and identify areas for improvement.

5. Application and API Security
Lead efforts to secure applications and APIs throughout the development lifecycle.
Collaborate with development teams to integrate security into the software development process.
Conduct code reviews, security testing, and vulnerability assessments of applications and APIs.
Reconcile and ensure 100% coverage of applications and APIs for vulnerability assessment

6. Third party Cyber Risk management
Establish and maintain a robust vulnerability remediation identified by third parties
Lead efforts to secure organisation external interface and support mitigate risks from the TPRM view
Ensure complete coverage of Organisation external IT infrastructure by these third party scanners

Qualifications
Bachelors degree in computer science, Information Security, or a related field. Master s degree preferred.
Minimum of 15-18 years of experience in information security, with at least 5 years in a leadership role.
Strong technical expertise in penetration testing, red teaming, vulnerability management, system hardening, and application security.
Relevant certifications such as CISSP, CISM, OSCP, CEH, or similar.
Excellent understanding of security frameworks and standards (e.g., NIST, ISO 27001, OWASP).
Proven ability to lead and manage a team of security professionals.
Strong analytical, problem-solving, and decision-making skills.
Excellent communication and interpersonal skills.

Preferred Skills
Experience with security tools and technologies (e.g., SIEM, IDS/IPS, vulnerability scanners, etc.).
Knowledge of regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
Familiarity with cloud security, container security and DevSecOps practices.

Key Skills