Manager - Vulnerability Management

Qiddiya Investment Company is seeking a proactive and detail-oriented Manager - Vulnerability Management to lead our efforts in identifying, assessing, and prioritizing vulnerabilities within our IT infrastructure and applications. In this critical role, you will be responsible for developing and implementing a robust vulnerability management program that enhances the security posture of our organization.

Your expertise will be vital in coordinating vulnerability assessments, managing remediation efforts, and collaborating with various teams to ensure that vulnerabilities are effectively addressed and mitigated.

Key Responsibilities

• Develop and implement a comprehensive vulnerability management strategy, including policies, procedures, and best practices.
• Conduct regular vulnerability assessments and penetration testing to identify weaknesses in systems, applications, and network infrastructure.
• Prioritize identified vulnerabilities based on risk assessment and business impact, and provide actionable recommendations for remediation.
• Collaborate with IT and development teams to ensure timely resolution of vulnerabilities and track remediation efforts.
• Monitor and evaluate the effectiveness of existing security controls to reduce vulnerability exposure.
• Stay current with emerging vulnerabilities and threats, providing guidance on necessary updates to the vulnerability management program.
• Prepare reports and presentations for senior management outlining vulnerability trends, remediation status, and risk mitigation efforts.
• Conduct training and awareness programs to foster a culture of security among staff regarding vulnerability management practices.

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• 5+ years of experience in vulnerability management, penetration testing, or IT security roles.
• Strong knowledge of vulnerability assessment tools and techniques, as well as common vulnerabilities and exploits.
• Experience with risk management frameworks and security standards (e.g., NIST, ISO 27001, CIS Controls).
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, capable of conveying technical information to non-technical stakeholders.
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or similar) are highly desirable.

Comprehensive benefits package