Director, Threat and Vulnerability Management
Job Summary
The Director of Threat & Vulnerability Management is responsible for leading the enterprise-wide strategy, execution, and continuous maturity of Threat Intelligence, Threat Hunting, and Vulnerability Management programs. This role provides strategic direction and operational leadership to proactively identify, prioritize, and mitigate cyber threats and vulnerabilities using a risk-based approach aligned to business impact. The Director partners closely with engineering, infrastructure, application security, incident response, and risk teams to ensure security controls are effective, measurable, and continuously improved. The role reports outcomes to senior leadership and plays a critical role in reducing organizational cyber risk.
Responsibilities
Strategic Leadership
- Lead and continuously evolve the enterprise Threat Intelligence, Threat Hunting, and Vulnerability Management programs.
- Define and execute a multi-year Threat & Vulnerability Management strategy aligned to organizational risk appetite and business priorities.
- Establish measurable security KPIs and maturity metrics; regularly present program effectiveness and risk posture to senior management.Threat Intelligence & Hunting
- Build and mature a Cyber Threat Intelligence (CTI) program that aggregates strategic, operational, and tactical intelligence from internal and external sources.
- Lead proactive threat hunting initiatives across enterprise and compute environments to identify dormant threats, advanced adversaries, and supply chain compromises.
- Map threat actor TTPs (Tactics, Techniques, and Procedures) to the MITRE ATT&CK framework to identify gaps in detection and prevention coverage.Vulnerability Management
- Establish and drive a risk-based vulnerability management model that prioritizes remediation based on exploitability, asset criticality, and business impact.
- Ensure timely remediation, validation, and reporting of identified vulnerabilities and security gaps across infrastructure, applications, and cloud environments.
- Partner with technology and business teams to embed vulnerability remediation into operational and engineering workflows.Technology & Innovation
- Evaluate and implement AI-driven and automation technologies to improve efficiency, scale, and effectiveness of threat and vulnerability operations.
- Continuously assess current security processes and tools to identify opportunities for optimization and enhanced risk reduction.Collaboration & Communication
- Serve as a trusted advisor to engineering, architecture, risk, and incident response teams on threat and vulnerability matters.
- Communicate complex security topics clearly to both technical and non-technical stakeholders, including executives and regulators.
- Build strong relationships with internal partners and relevant external security communities and vendors.People Leadership
- Lead, mentor, and develop a high-performing team of security professionals;
- Foster a security-aware and accountability-driven culture.
Functional Skills
Deep knowledge of cyber threat actors and their tactics, techniques and procedures
Knowledge of scripting to enhance hunting capabilities
Familiarity with AI capabilities and how to use them to build efficiencies and automation
Strong knowledge of vulnerability management identification, analysis and treatment capabilities
Thorough understanding and familiarity with relevant standards including National Institute of Standards and Technology (NIST) and Federal Financial Institutions Examination Council (FFIEC)
Foundational Skills
Communicates effectively
Anticipates changing business needs, adjusts priorities accordingly, and allocates necessary resources and budget to achieve objectives
Equips the business to become an effective competitor in an highly dynamic landscape
Considers stakeholder needs and input as well as best practices and insights from industry trends when making strategic decisions
Flexible, decisive, and serves as a trusted advisor to senior leaders within the organization
Demonstrates effective negotiation and influencing skills
Prioritizes and facilitates an culture of continuous improvement and systems thinking
Creates an environment that fosters communication, transparency, and collaboration
Cultivates innovation and values learning as a lifelong professional
Leads by example, engaging inclusively and with intent
Always acts with integrity
Analytical thinking
Iterative problem-solving
Work Experience
10+ years of progressive experience in cybersecurity, including threat intelligence, threat hunting, vulnerability management, or detection engineering
Proven experience leading enterprise-scale security programs and teams
Deep understanding of threat actor behaviors, MITRE ATT&CK, vulnerability exploitation, and modern attack techniques
Strong experience with risk-based security frameworks and metrics
Familiarity with AI/ML applications in security operations
Experience with scripting in languages such as Python
Strong knowledge of vulnerability management identification, analysis and treatment capabilities
Education
Bachelor's degree in Computer Science or a closely-related discipline, or an equivalent combination of formal education and experience