Cyber Security Threat Manager

Wood Mackenzie is the global data and analytics business for the renewables, energy, and natural resources industries. Enhanced by technology. Enriched by human intelligence. In an ever-changing world, companies and governments need reliable and actionable insight to lead the transition to a sustainable future. That’s why we cover the entire supply chain with unparalleled breadth and depth, backed by over 50 years’ experience. Our team of over 2,400 experts, operating across 30 global locations, are enabling customers’ decisions through real-time analytics, consultancy, events and thought leadership. Together, we deliver the insight they need to separate risk from opportunity and make confident decisions when it matters most.

WoodMac.com

Wood Mackenzie Brand Video

Wood Mackenzie Values

• Inclusive – we succeed together
• Trusting – we choose to trust each other
• Customer committed – we put customers at the heart of our decisions
• Future Focused – we accelerate change
• Curious – we turn knowledge into action

We are seeking a highly experienced and proactive Senior Vulnerability and Threat Management Specialist to lead and mature our organization's vulnerability management program. This role will be primarily responsible for the operational and strategic use of Tenable.io and/or Tenable.sc, ensuring continuous visibility into cyber risk exposure, driving remediation efforts, and providing threat context to vulnerability data.

This individual will work cross-functionally with IT, Security Operations, DevSecOps, and Risk teams to reduce our attack surface and meet compliance and security objectives.

Key Responsibilities

• Lead the design, implementation, and optimization of the vulnerability management lifecycle using Tenable.io, Tenable.sc, Nessus, and related tools.
• Perform regular internal and external vulnerability scans across on-premise, cloud, container, and hybrid environments.
• Analyse scan results and coordinate remediation efforts with system owners and application teams.
• Develop and maintain metrics, dashboards, and reports that clearly communicate risk posture, trends, and remediation progress.
• Integrate Tenable with other platforms (e.g., ServiceNow, Splunk, Azure, AWS) to enhance automation and reporting.
• Continuously evaluate threat intelligence feeds to contextualize and prioritize vulnerabilities based on real-world exploitability.
• Partner with IT and security teams to validate patch and configuration compliance.
• Perform risk assessments on new systems and applications, identifying potential vulnerabilities and providing mitigation recommendations.
• Maintain asset inventory and ensure proper scoping of scans in dynamic environments.
• Develop and enforce policies, standards, and procedures for vulnerability management.
• Stay informed on evolving threats, CVEs, and emerging vulnerabilities that may impact the organization.

Required Qualifications

• 5+ years of experience in cybersecurity with a focus on vulnerability management and threat analysis.
• Strong hands-on experience with Tenable.io, Tenable.sc, Nessus Professional, and associated modules (e.g., Lumin, WAS).
• Proven ability to interpret vulnerability data and CVSS scores and translate them into risk-based prioritization.
• Experience with asset tagging, segmentation, and scan tuning in Tenable for large, complex environments.
• Familiarity with integrating Tenable data into SIEMs, ticketing systems, or CMDBs.
• Strong understanding of operating systems (Windows, Linux), networking, cloud platforms (Azure, AWS), and containers.
• Knowledge of industry standards and frameworks such as NIST CSF, NIST 800-53, CIS Controls, and MITRE ATT\&CK.
• Strong verbal and written communication skills; capable of delivering reports and recommendations to both technical and executive audiences.

Preferred Qualifications

• Tenable certifications (e.g., Tenable Certified Assessor or Tenable Certified Engineer)
• Experience with ServiceNow Vulnerability Response or similar workflow automation tools.
• Scripting skills (Python, PowerShell, or Bash) for automation and tool integration.
• Experience with secure configuration benchmarks (CIS, STIGs).
• Exposure to threat intelligence platforms and risk-based vulnerability management strategies.

Equal Opportunities

We are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race, colour, religion, age, sex, national origin, disability or protected veteran status. You can find out more about your rights under the law at www.eeoc.gov 

If you are applying for a role and have a physical or mental disability, we will support you with your application or through the hiring process.