Vulnerability Management Manager

Why Choose Bottomline?

Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 30 years of experience and moving more than $10 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team!

Job Summary  

This role reports to the head of Security Operations and will work across all the technology teams to strengthen and enforce Bottomline’s information security strategy, policy and operations. 

As the manager for Vulnerability Management, you will be responsible for developing, implementing and overseeing the organization’s Vulnerability Management program.  The role ensures the identification, assessment and remediation of security vulnerabilities across the environment.  This includes infrastructure Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management.  

Essential Functions and Responsibilities:

·       Vulnerability Management Program Development – design and implement a comprehensive vulnerability management program.  Develop policies, procedures, and best practices for vulnerability scanning, assessment, and remediation. Define metrics and reporting to track program effectiveness and improvement.

·       Vulnerability Identification and Assessment - Oversee the use of vulnerability scanning tools to identify security weaknesses in systems, networks, and applications. Perform risk-based prioritization of identified vulnerabilities.  Collaborate with security analysts to conduct detailed assessments of critical vulnerabilities.

·       Remediation Coordination - Work with cross-functional teams to develop remediation plans and timelines.  Ensure timely patching or mitigation of vulnerabilities.  Track and report on remediation progress to stakeholders and leadership.

·       Threat Intelligence Integration - Stay updated on emerging threats and vulnerabilities through threat intelligence sources.  Integrate threat intelligence into the vulnerability management process to address high-risk areas proactively.

·       Compliance and Standards - Ensure compliance with regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA).  Prepare for and support internal and external audits related to vulnerability management.

·       Team Leadership and Collaboration - Lead a team of security analysts and engineers, providing mentorship and performance management.

  Required Experience & Qualifications

• 8+ years of experience in Cybersecurity
• 2 + years of experience in managing people
• Bachelor’s degree
• Hands-on experience and knowledge on vulnerability management tools – Rapid7, Qualys
• Experience building vulnerability management programs (standards, technology, processes, governance)
• In depth knowledge across all core domains – Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management

Preferred Experience & Qualifications

• Cyber certifications (e.g., CISM, CISSP) or equivalent

We welcome talent at all career stages and are dedicated to understanding and supporting additional needs. We're proud to be an equal opportunity employer, committed to creating an inclusive and open environment for everyone.