Threat & Vulnerability Manager


Date: 10 Apr 2024

Location: Edinburgh, GB Macclesfield, GB

Company: Royal London Group

Job Title: Threat & Vulnerability Manager

Contract Type: Permanent

Location: Edinburgh or Alderley Edge

Working style: Hybrid 50% home/office based

Closing date: 12th May 2024

 

We’re expanding our security and resilience team within the CISO office. Over the last few years, we’ve been on a continuous improvement journey and are looking to expand the team. These new roles will allow us to fully enact our threat-led security program, drive further improvements across cyber and support our organisational goal of building a secure and resilient mutual. With a security team of over 50 already, these new roles will enhance our capabilities as the threat landscape continues to evolve.

 

We are seeking a highly skilled and experienced Threat and Vulnerability Manager to join Royal London. In this role, you will play a critical part in safeguarding our organisation against potential threats and vulnerabilities. Your expertise and strategic thinking will be essential in protecting our sensitive information and ensuring the overall security of our operations.

 

In this position, you will be responsible for the management of vulnerabilities across the Royal London estate. You will lead on the identification, prioritisation and remediation tracking of vulnerabilities to ensure that Royal London is securely maintained and operated in line with legislative, regulatory, and business security requirements. You will work closely with cross-functional teams to implement security measures and provide guidance on best practices. Additionally, you will stay up to date with the evolving threat landscape and proactively research emerging threats.

 

This is an excellent opportunity for a meticulous and results-driven professional with a strong background in cybersecurity. If you are enthusiastic about protecting sensitive information and have a proven track record of implementing effective security measures, we would love to hear from you.

 

About the role

 

  • Oversee a team of patching and vulnerability analysts, providing effective leadership and helping to navigate through senior management and business approvals, thereby ensuring vulnerabilities are managed appropriately and within documented SLAs. Provide guidance, support, and mentorship to foster professional growth and maximise individual and team performance.
  • Management of all governance routines related to this key control.
  • Ensuring all vulnerabilities are triaged, prioritised, tracked, remediated, and managed appropriately within documented SLA, with compensating controls identified and implemented where necessary.
  • Provide metrics and reports with relevant narrative including updates and plans for remediation activities.
  • Review and enhance processes and technologies used to support and execute the vulnerability management process.
  • Operate collaboratively with other Security Leads and the wider IT team to triage and remediate security threats and vulnerabilities within SLA.
  • Collaborate with the incident response team in investigating and responding to security incidents, providing expertise and support in the utilisation of security technologies to identify, contain, and remediate threats.
  • Remain up to date on cutting-edge technology, threat landscape and vulnerability exploitation techniques.
  • Ability to work in own team but also manage others from third parties.

 

About you

 

  • Proven experience in vulnerability management and application security technologies. Experience leading a vulnerability management team is preferable.
  • Proficient in using vulnerability management tools such as Tenable, Kenna, Qualys, Rapid7 and Tanium.
  • Good understanding and practical experience of Cyber Security Frameworks and standards, e.g. NIST.
  • Strong understanding of information security concepts, technologies, and best practices.
  • Excellent problem-solving and analytical skills with effective communication and presentation abilities.
  • Working knowledge of OWASP, MITRE, CVSS and other standards/frameworks relevant to vulnerability management.
  • Experience in managing risks and issues and implementing mitigation strategies.
  • Ability to manipulate data, extract insight and provide reporting to key stakeholders for actionable tasks.
  • Previous experience of working within a regulated environment in the financial services industry is desirable.
  • MS Excel and MS Power BI proficiency is preferable.
  • Relevant certifications (e.g., CISSP, CISM, CompTIA Sec+) are a plus.

 

About Royal London

 

We’re the UK’s largest mutual life, pensions and investment company, offering protection, long-term savings and asset management products and services.   

 

Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values: Empowered, Trustworthy, Collaborate, Achieve.

 

We've always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance. You can see all our benefits here - Our Benefits  

 

Inclusion, diversity and belonging. 

 

We’re an inclusive employer. We celebrate and value different backgrounds and cultures across Royal London. Our diverse people and perspectives give us a range of skills which are recognised and respected – whatever their background.

 

 


Job Segment: Bank, Banking, Finance
