Threat and Vulnerability Manager
San Marino, CA, United States
Full Time Mid-level / Intermediate USD 140K - 185K
East West Bank
East West Bank provides exceptional personal banking, small business loans, home mortgages, and international banking services to customers worldwide.
Introduction
Since 1973, East West Bank has served as a pathway to success. With over 120 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement. Headquartered in California, East West Bank (Nasdaq: EWBC) is a top-performing commercial bank with an exclusive focus on the U.S. and Greater China markets. With a strong foundation, an enterprising spirit and a commitment to absolute integrity, East West Bank gives people the confidence to reach further.
Overview
The Threat and Vulnerability Manager is responsible for leading and managing the organization’s vulnerability assessment program, which includes threat modeling / assessments, red teaming, and penetration testing programs to proactively identify, analyze, and mitigate risks. This role ensures a comprehensive security posture by overseeing simulated attack scenarios and delivering actionable insights for remediation.
As an East West Bank employee, the Threat and Vulnerability Manager will be part of a growing and stable organization that provides career path development opportunities while serving a growing and profitable market. This position is key to strengthening the organization’s defenses, driving innovation in security practices, and collaborating with a talented team in a dynamic and fast-paced environment.
Responsibilities
- Develop, implement, and maintain a comprehensive vulnerability assessment program.
- Perform regular vulnerability assessments across IT systems, applications, cloud platforms, and networks.
- Assess and prioritize vulnerabilities based on risk levels, potential business impact, and threat intelligence.
- Manage Attack Surface Monitoring.
- Update and disseminate threat intelligence on active Threat Actors (Threat Actor Profiles).
- Deliver regular briefings to leadership on vulnerability trends and risk status.
- Establish an automated threat intelligence process for ingestion of TI and development of action plans.
- Establish an effective Threat Assessment, Red Teaming and Threat Modeling capability for the bank.
- Oversee internal and external penetration testing engagements, ensuring alignment with industry standards such as OWASP, NIST, and MITRE ATT&CK.
- Validate the effectiveness of remediation actions through follow-up assessments.
- Evaluate new tools and technologies to enhance the efficiency and effectiveness of security assessments.
- Stay updated on emerging threats, vulnerabilities, and attack techniques to adapt assessment methodologies.
- Incorporate threat intelligence and industry best practices into vulnerability and red team programs.
- Support automation and orchestration to maximize team talent and reduce routine tasks.
- Support regulatory reviews and assessments, and monitor and lead the reporting and remediation of identified control and regulatory issues.
- Foster collaboration between security, IT operations, and business teams to ensure alignment on security goals.
- Promote a culture of security awareness across the organization.
Qualifications
- Expertise in vulnerability management and penetration testing tools and techniques.
- Proficiency in red teaming methodologies and frameworks (e.g. MITRE ATT&CK, TIBER-EU).
- Knowledge of secure coding practices and application security testing.
- Familiarity with cloud security (AWS, Azure, or GCP) and DevSecOps practices.
- Excellent communication skills for technical and non-technical audiences.
- Strong analytical and problem-solving abilities.
- Highly organized and efficient. Ability to work independently and as part of a team in a fast-paced, dynamic environment.
- Bachelor's degree in Cybersecurity, Information Technology or related field required; advanced degree (Master's level) preferred.
- Minimum of 5 years in cybersecurity, with at least 3+ years in vulnerability management, penetration testing, or red teaming.
- Hands-on experience in vulnerability assessments, penetration testing methodologies, and red teaming strategies.
- Strong understanding of both offensive and defensive security techniques.
- Preferred certifications such as CCSP, CISSP, CEH, OSCP, OSCE, GPEN, GWAPT, CVA, or other red team and penetration testing credentials.
Compensation
The base pay range for this position is USD $140,000.00/Yr. - USD $185,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.
Tags: Application security, Automation, AWS, Azure, CCSP, CEH, CISSP, Cloud, DevSecOps, GCP, GPEN, GWAPT, MITRE ATT&CK, Monitoring, NIST, OSCE, OSCP, OWASP, Pentesting, Red team, Security assessment, Threat intelligence, Vulnerabilities, Vulnerability management
Perks/benefits: Career development, Equity / stock options