Description
The Manager of Vulnerability Management will be responsible for defining and leading a comprehensive vulnerability management program across the enterprise. This role requires a combination of strong technical knowledge, team leadership, and strategic communication skills to effectively prioritize risks, coordinate remediation efforts with internal teams, and report on the organization's security posture to senior leadership. The manager will oversee the entire vulnerability management lifecycle, from identification and assessment to remediation and validation.
YOU'LL HAVE THE OPPORTUNITY TO:
Program leadership: Define, develop, and execute the strategy and roadmap for the enterprise vulnerability management program, including objectives, policies, and procedures.
Team management: Lead, mentor, and develop a team of security professionals specializing in vulnerability assessment, threat intelligence, and penetration testing.
Cross-functional collaboration: Partner with IT operations, application development, and business unit leaders to prioritize and drive the remediation of vulnerabilities. Act as an escalation point for complex or critical security issues.
Risk prioritization: Move beyond simple CVSS scores to contextualize vulnerabilities based on asset criticality, business impact, and real-world threat intelligence. Ensure remediation efforts are focused on the highest-impact risks.
Tooling and technology: Manage and maintain vulnerability scanning platforms (e.g., Qualys, Tenable, Rapid7). Evaluate, recommend, and implement new security tools and automation to improve program efficiency.
Reporting and metrics: Develop and deliver meaningful metrics, reports, and dashboards to track progress on remediation and communicate the organization's risk posture to technical teams and executive leadership.
Threat intelligence: Stay up to date with the latest vulnerabilities and threats, and integrate this information into the program to enhance proactive defense capabilities.
Incident response support: Provide vulnerability management expertise during incident response activities and contribute to security architecture reviews.
Process improvement: Identify and drive continuous improvement opportunities within the vulnerability management lifecycle, including automation of processes and enhancing documentation.
Compliance and auditing: Ensure that the program meets relevant compliance and regulatory requirements and support internal and external audit activities.
Cyber Threat Intelligence Capabilities
Actionable intelligence: Integrate and operationalize cyber threat intelligence (CTI) from internal, open-source, and commercial feeds to provide actionable insights for vulnerability prioritization.
Threat analysis and context: Provide in-depth analysis of vulnerabilities by correlating them with relevant threat actors, tactics, techniques, and procedures (TTPs), and exploit trends.
Proactive defense: Use threat intelligence to get early warnings of emerging vulnerabilities, including zero-day threats, and to implement temporary mitigation controls until a patch is available.
Reporting and dissemination: Produce and disseminate timely and relevant threat intelligence reports and briefings for security teams, incident responders, and executive leadership.
External collaboration: Participate in threat intelligence sharing communities and collaborate with industry information-sharing groups (ISACs) to stay informed of threats relevant to the organization.
Malware and campaign analysis: Assist with the analysis of malware, phishing campaigns, and other threat activity to understand the threat landscape and improve internal detection capabilities.
Monitoring and awareness: Continuously monitor the external threat landscape, including the open, deep, and dark web, to track adversary activity and assess potential impact.
YOU’LL THRIVE IN THIS ROLE IF YOU HAVE THE FOLLOWING SKILLS AND QUALITIES:
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
5+ years of progressive experience in information security, with at least 2 years in a leadership or management role.
Demonstrated experience building and managing an enterprise vulnerability management program.
Expert-level knowledge of enterprise vulnerability scanning and management tools, such as Qualys, Tenable, or Rapid7.
Strong understanding of vulnerability scoring systems (CVSS), common vulnerabilities and exposures (CVE), and vulnerability management frameworks (e.g., NIST, ISO 27001).
Proven ability to lead cross-functional teams and effectively communicate complex technical and risk-related issues to both technical and non-technical audiences.
Highly desired certifications include CISSP, CISM, or other relevant security certifications.
Experience with scripting languages (e.g., Python, PowerShell) for automation is a plus.
Desired Attributes
Exceptional organizational skills with a methodical, detail-oriented, and analytical thought process.
Ability to manage multiple initiatives and competing priorities while meeting deadlines.
Strong leadership skills that motivate and develop a high-performing team.
Excellent written and oral communication skills, with a proven ability to influence and persuade stakeholders.
Self-motivated and able to work with minimal supervision.
ACKNOWLEDGING THE POWER OF DIVERSITY
BRP is dedicated to nurturing a culture that invites, connects, and propels the ambitions of people of all backgrounds, profiles, beliefs and experiences. Ultimately, the diversity and uniqueness of our people fuel our ingenuity and set the course for the path ahead!
For this reason, we value diversity and we strive to always push each other forward to build an inclusive workplace where every employee feels like they belong, where they can grow and find meaning.
AT BRP, WHEN WE TALK ABOUT BENEFITS, WE GO ALL IN.
Let’s start with a strong foundation - You want it, we have it:
Annual bonus based on the company’s financial results
Generous paid time away
Pension plan
Collective saving opportunities
Industry-leading healthcare fully paid by BRP
What about some feel-good perks:
Flexible work schedule
A summer schedule that varies by department and location
Holiday season shutdown
Educational resources
Discount on BRP products
WELCOME TO BRP
We’re a world leader in recreational vehicles and boats, creating innovative ways to move on snow, water, asphalt, dirt and even in the air. Headquartered in the Canadian town of Valcourt, Quebec, our company is rooted in a spirit of ingenuity and intense customer focus. Today, we operate manufacturing facilities in Canada, the United States, Mexico, Finland, Australia and Austria, with a workforce made up of close to 16,500 spirited people, all driven by the deeply held belief that at work, as with life itself, it’s not about the destination: It’s about the journey.