Vulnerability Management Lead
Toronto, ON, Canada
Full Time
Manager/Supervisor
Role Overview:
We are seeking a seasoned Vulnerability Management Lead to oversee and evolve our enterprise-wide threat and vulnerability management program. This role sits at the intersection of security operations and strategic program leadership — responsible for driving systematic identification, assessment, prioritization, and remediation of vulnerabilities across a complex global environment spanning on-premises infrastructure, cloud platforms, and hybrid deployments.
The ideal candidate brings both hands-on technical depth and the leadership acumen to engage stakeholders at all levels — from engineering teams executing remediations to executives requiring clear risk summaries. This is a high-impact position for someone passionate about operational excellence and continuous program improvement.
Key Responsibilities:
Qualifications:
We are seeking a seasoned Vulnerability Management Lead to oversee and evolve our enterprise-wide threat and vulnerability management program. This role sits at the intersection of security operations and strategic program leadership — responsible for driving systematic identification, assessment, prioritization, and remediation of vulnerabilities across a complex global environment spanning on-premises infrastructure, cloud platforms, and hybrid deployments.
The ideal candidate brings both hands-on technical depth and the leadership acumen to engage stakeholders at all levels — from engineering teams executing remediations to executives requiring clear risk summaries. This is a high-impact position for someone passionate about operational excellence and continuous program improvement.
Key Responsibilities:
- Own the end-to-end vulnerability management lifecycle across enterprise environments including Windows and Linux operating systems, network infrastructure, cloud platforms (AWS and Azure), containerized applications, and digital certificate management.
- Execute and oversee ongoing vulnerability scanning, risk prioritization, and structured remediation workflows across cloud and on-premises systems, applying recognized industry frameworks and security best practices.
- Develop and maintain a metrics and reporting framework to measure program maturity, track remediation SLAs, and communicate risk posture to internal and external stakeholders — leveraging automation to reduce manual effort and improve accuracy.
- Serve as the internal subject matter authority on vulnerability risk, providing guidance to both technical and non-technical teams on threat impact, exploitability, and remediation options — including endpoint protection, network-level controls, and cloud-native security mechanisms.
- Build and maintain collaborative working relationships with cross-functional and global teams to ensure vulnerability risks are clearly communicated, tracked, and resolved in alignment with organizational risk appetite.
- Lead root cause analyses following security events or remediation gaps, and produce clear executive-level reports summarizing findings, risk exposure, and recommended courses of action.
- Support day-to-day program operations including documentation upkeep, policy and procedure development, and participation in incident response activities as required.
- Continuously assess and improve program tooling, processes, and detection capabilities to stay ahead of the evolving vulnerability landscape and organizational scale.
- Plan and coordinate security testing and validation exercises — including scan coverage reviews, finding validation, and remediation verification — across applications, infrastructure, and data environments.
- Prepare and deliver SLA-aligned, volume-based, and risk-tiered reporting for internal leadership and external stakeholders as required.
Qualifications:
- Bachelor's degree in a relevant field with 5+ years of progressive experience in information security, with a focus on vulnerability management or security operations.
- Demonstrated hands-on proficiency with enterprise vulnerability scanning platforms such as Rapid7, Qualys, Tenable, or Armis; familiarity with SIEM tooling, ticketing/workflow systems (e.g., ServiceNow Vulnerability Response), and hybrid cloud security environments (AWS, Azure).
- Proven track record leading vulnerability management functions — including full-cycle scanning operations, risk communication, and remediation tracking across diverse technology environments.
- Working knowledge of data visualization and reporting platforms such as Wiz, Snowflake, or Power BI, with strong proficiency in Excel and PowerPoint for stakeholder reporting and analysis.
- Scripting experience in Python or PowerShell is an asset, particularly for automation of vulnerability workflows and process optimization.
- Familiarity with security and compliance frameworks such as NIST CSF or ISO 27001 is beneficial.
- Strong organizational skills with the ability to manage competing priorities independently while contributing effectively within collaborative team settings.
- Exceptional communication skills — able to translate complex, technical vulnerability findings into business-relevant language for executive and non-technical audiences.
Apply for this position
Required*