Senior Manager, IT - Threat and Vulnerability

Toronto - Queen's Quay - Headquarters

The Kraft Heinz Company

The Kraft Heinz Company provides high quality, great taste and nutrition for all eating occasions whether at home, in restaurants or on the go.


Job Description

The Senior Manager of the Vulnerability and Attack Surface Management Team is a critical technical leadership role within our Information Security team with end-to-end responsibility for strategy, oversight and execution of the Kraft Heinz Vulnerability Management and Attack Surface Management capabilities.

This role requires a blend of strategic vision, strong leadership, technical expertise, superb communication, and outstanding analytical and critical thinking to effectively lead and guide a team of security experts.

What's on the menu?

  • Continuously build and implement a strategic vision for the Vulnerability and Attack Surface Management program and its capabilities in alignment with the organization’s Information Security and Information Technology programs, program goals and business objectives.

  • Drive all efforts crucial to ensure timely identification, analysis, and remediation of vulnerabilities across all IT assets, including applications, servers, networks, and endpoints.

  • Establish and maintain strong relationships with key partners, including business capabilities, infrastructure, networking, application development, compliance, communications and other executive and non-executive leadership.

  • Continuously evaluate emerging security threats, trends, and technologies for continuous analysis and improvement of the organization’s vulnerability and attack surface management capabilities.

  • Develop and implement processes for continuous attack surface monitoring and reduction, ensuring the organization’s exposure to threats is continuously minimized and optimally protected.

  • Be responsible for the configuration, operation, and maintenance of vulnerability testing and management platforms, attack surface management technologies, and other related tooling.

  • Provide technical guidance and support for vulnerability assessments, penetration testing, and attack surface management activities.

  • Maintain comprehensive vulnerability and attack surface management policies, standards, processes and procedures, and documentation thereof.

  • Lead ongoing execution and advancement of vulnerability scanning and assessment tools, techniques, and procedures.

  • Coordinate the scheduling and execution of regular vulnerability scans, assessments, and attack surface evaluations.

  • Ensure timely and effective communication of vulnerability and attack surface findings to relevant stakeholders.

  • Manage emergency response processes and activities related to discovered vulnerabilities and attack surface exposures in coordination with incident response and other supporting enterprise functions.

  • Track and report on the status of vulnerability remediation and attack surface reduction efforts, ensuring compliance with internal policies and external regulatory requirements.

  • Lead, mentor, and develop a team of vulnerability and attack surface management professionals, providing regular performance feedback and career development opportunities.

  • Supervise the recruitment and onboarding of new team members, ensuring the team is staffed with skilled and motivated individuals.

  • Monitor the vulnerability and attack surface management budget, including forecasting and expenditures.

  • Ensure compliance with all relevant laws, regulations, and standards related to information security, vulnerability management, and attack surface management.

  • Represent the vulnerability and attack surface management function in internal and external audits, assessments, and reviews.

Recipe for Success:

  • I have advanced experience in information security, with at least 5 years in a hands-on vulnerability management and/or attack surface management role.

  • I understand the nature of vulnerabilities and weaknesses, and can articulate detection and remediation methods for vulnerabilities to technical and non-technical audiences.  

  • I have an expert-level understanding of vulnerability and attack surface testing and management techniques, processes and platforms.

  • I have significant experience in designing, building, testing, implementing and refining workflows of varying complexity.

  • I have a solid understanding of common security frameworks (e.g., NIST, CIS, ISO).

  • I have validated experience in leading and running security teams, with a track record of developing and implementing critical initiatives.

  • I have superb communication, interpersonal, and leadership skills.

  • I have relevant industry and technical training and/or certifications.

Location(s)

Toronto - Queen's Quay - Headquarters

Kraft Heinz is an Equal Opportunity Employer – Underrepresented Ethnic Minority Groups/Women/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity and other protected classes. In order to ensure reasonable accommodation for protected individuals, applicants that require accommodation in the job application process may contact NATAI@kraftheinz.com for assistance.


Tags: Audits Compliance Incident response Monitoring NIST Pentesting Strategy Vulnerabilities Vulnerability management Vulnerability scans

Perks/benefits: Career development Team events

Region: North America
Country: Canada
