“It feels good to have a career with real purpose.”

Contract Type: Permanent
Location: Glasgow or Alderley Park (Wilmslow)
Working Style: Hybrid - 50% from home / 50% office based

Reporting to the Head of Attack Surface Management, the Threat and Vulnerability Manager is accountable for defining, owning and operating Royal London’s enterprise patching and vulnerability management capability. The role ensures vulnerabilities are identified, prioritised, governed and reported in line with business risk, regulatory expectations and industry best practice, supporting cyber resilience across the Group. 

You will lead Royal London’s patching and vulnerability management capability, working closely with operational technology teams and our partner resources. Through strong collaboration, clear prioritisation and effective reporting, you will help ensure that vulnerabilities are managed transparently and treated in a timely, risk informed way, strengthening our overall cyber resilience. 

More About the role:

• Own the enterprise patching and vulnerability management framework, standards, policies, processes, controls and operating model. 

• Own the end-to-end vulnerability lifecycle including identification, triage, risk-based prioritisation, remediation tracking and closure. 

• Define and manage vulnerability SLAs, KPIs and KRIs aligned to asset criticality, exposure and business impact. 

• Provide executive-level reporting on vulnerability exposure, trends, insights and remediation performance. 

• Oversee patching and vulnerability-related operational controls, ensuring they are documented, tested, evidenced and continuously improved. 

• Work closely with technology and service teams to ensure remediation activities are delivered in line with defined SLAs. 

• Oversee third-party providers delivering vulnerability scanning and patching services. 

• Support assurance activity, control testing and risk event management related to vulnerability and patching risk. 

• Continuously improve processes, controls and tooling supporting Attack Surface Management. 

• Remain current on the threat landscape and emerging vulnerability exploitation techniques. 

What you will bring to the role:

• Strong experience leading vulnerability and patch management in a complex enterprise environment. 

• Deep understanding of exposure management, attack surface concepts and risk-based vulnerability prioritisation. 

• Hands-on experience with vulnerability management tools such as Tenable One. 

• Good understanding of operating systems, infrastructure, applications and how vulnerabilities manifest across different asset types. 

• Experience defining control frameworks, SLAs and executive reporting. 

• Experience working in regulated environments; financial services desirable. 

• Comfortable engaging with and influencing senior stakeholders, translating technical findings into clear business risk insights. 

• Experience managing third-party or outsourced service providers. 

• Knowledge of cyber security frameworks, standards and good practice, with a continuous improvement mentality. 

• Relevant security qualifications (CISSP, CISM or equivalent) beneficial but not essential. 

If you feel you’d be a great fit for Royal London but don’t meet every requirement, we’d still love to hear from you. Research shows some candidates are less likely to apply unless they meet 100% of the criteria - if you meet most requirements and are keen to learn, we encourage you to apply!

About Royal London

We’re the UK’s largest mutual life, pensions and investment company, offering protection, long-term savings and asset management products and services.   

Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values; Empowered, Trustworthy, Collaborate, Achieve. 

We've always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance.

Inclusion, diversity and belonging

We’re an inclusive employer. We celebrate and value different backgrounds and cultures across Royal London. Our diverse people and perspectives give us a range of skills which are recognised and respected – whatever their background.