Vulnerability Management Team Lead – Vice President

General information

Entity

About Crédit Agricole Corporate and Investment Bank (Crédit Agricole CIB)

Crédit Agricole CIB is the corporate and investment banking arm of Crédit Agricole Group, the 10th largest banking group worldwide in terms of balance sheet size (The Banker, July 2022).
8,600 employees in more than 30 countries across Europe, the Americas, Asia-Pacific, the Middle-East and North Africa, support the Bank's clients, meeting their financial needs throughout the world.
Crédit Agricole CIB offers its large corporate and institutional clients a range of products and services in capital market activities, investment banking, structured finance, commercial banking and international trade.
The Bank is a pioneer in the area of climate finance, and is currently a market leader in this segment with a complete offer for all its clients.


For more information, please visit www.ca-cib.com

Twitter: https://twitter.com/ca_cib
LinkedIn: https://www.linkedin.com/company/credit-agricole-cib/

By working every day in the interest of society, we are a group committed to diversity and inclusion. All our positions are open to people with disabilities.   

Reference

2025-97249  

Update date

27/02/2025

Job description

Business type

Types of Jobs - IT, Digital et Data

Job title

Vulnerability Management Team Lead – Vice President

Contract type

Permanent Contract

Job summary

Summary
The Head of Vulnerability Management will lead the enterprise-wide vulnerability detection, assessment, and remediation efforts to safeguard the bank’s infrastructure, applications, and data. This role will develop and execute a risk-based vulnerability management program that aligns with regulatory requirements and industry best practices. The ideal candidate will work cross-functionally to drive remediation efforts, enhance security posture, and provide executive-level reporting on vulnerabilities and risk exposure. This position requires a strong leader with deep technical expertise and experience in financial sector cybersecurity governance.

Key Responsibilities
Vulnerability Program Leadership
o    Develop and manage the enterprise vulnerability management strategy, ensuring alignment with security frameworks and regulatory requirements.
o    Establish policies, procedures, and standards for vulnerability identification, assessment, and remediation.
o    Maintain executive-level reporting on vulnerability trends, risk posture, and remediation effectiveness.
o    Continuously evaluate and enhance program maturity through automation and process improvements.
Vulnerability Scanning & Assessment
o    Manage enterprise-wide vulnerability scanning tools and processes to detect security weaknesses.
o    Perform regular scanning and testing across infrastructure, applications, and cloud environments.
o    Analyze scan results to prioritize vulnerabilities based on risk, exploitability, and regulatory impact.
o    Ensure comprehensive coverage of all assets through asset discovery and inventory validation.
Remediation & Risk Mitigation
o    Collaborate with IT, DevOps, and application teams to ensure timely remediation of identified vulnerabilities.
o    Develop and track key performance indicators (KPIs) to measure remediation effectiveness.
o    Provide guidance on compensating controls and risk acceptance when remediation is not immediately feasible.
o    Establish escalation processes for high-risk vulnerabilities requiring urgent action.
Threat Intelligence & Vulnerability Prioritization
o    Integrate threat intelligence feeds to correlate vulnerabilities with real-world threats and exploits.
o    Align vulnerability management efforts with emerging threats, zero-day vulnerabilities, and adversarial tactics.
o    Leverage frameworks such as MITRE ATT&CK to enhance risk-based prioritization.
o    Coordinate with incident response teams to analyze vulnerabilities exploited in security incidents.
Compliance & Regulatory Alignment
o    Ensure adherence to financial industry regulations, including FFIEC, and NYDFS.
o    Support internal and external audits by providing evidence of vulnerability management controls.
o    Maintain documentation of vulnerability management activities for compliance reporting.
o    Align remediation efforts with compliance deadlines and security control objectives.

Supplementary Information

·         Tooling & Automation

o    Manage and optimize vulnerability scanning tools such as Qualys, Tenable, or Rapid7.

o    Automate vulnerability detection and remediation workflows through scripting and integration with security orchestration tools.

o    Evaluate emerging technologies to enhance vulnerability management capabilities.

o    Work with IT teams to embed security into DevSecOps pipelines.

·         Stakeholder Communication & Training

o    Act as the primary point of contact for vulnerability management across business and IT units.

o    Deliver executive briefings on risk posture and remediation progress.

o    Conduct training sessions for developers, IT teams, and security personnel on secure coding and vulnerability remediation best practices.

Foster a culture of security awareness by promoting proactive risk management.

 

#LI-DNI

Salary Range: $150k - $180k

Position location

Geographical area

America, United States Of America

City

NEW YORK

Candidate criteria

Minimal education level

Bachelor Degree / BSc Degree or equivalent

Academic qualification / Speciality

Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.

Advanced degree (MBA, MS) is strongly preferred.

Relevant industry certifications (CISSP, CISM, GIAC) are strongly preferred.

Level of minimal experience

11 years and more

Experience

Minimum 10+ years of experience in information security or related field.

At least 3 years of experience in a senior leadership role within the banking or financial services industry.

 

Required skills

Core Competencies

Experience & Expertise

o    7+ years of experience in cybersecurity, with at least 3 years in vulnerability management or related roles.

o    Strong knowledge of vulnerability assessment methodologies, risk frameworks (NIST, CIS, ISO 27001), and regulatory compliance in banking.

o    Hands-on experience with vulnerability scanning tools such as Qualys, Tenable, Rapid7, or similar.

o    Familiarity with penetration testing, threat intelligence, and exploit development concepts.

o    Experience working in highly regulated environments with strict security and compliance requirements.

Technical Skills

o    Proficiency in security automation using scripting languages (Python, PowerShell, Bash).

o    Strong understanding of network security, cloud security (AWS, Azure, GCP), and secure application development practices.

o    Knowledge of patch management processes and security hardening guidelines.

o    Ability to analyze vulnerabilities, assess risk, and communicate technical findings to business leaders.

Soft Skills & Leadership

Strong leadership and project management skills, with experience leading vulnerability remediation efforts.
Excellent communication and stakeholder management skills, with the ability to influence technical and non-technical teams.
Analytical mindset with a proactive approach to problem-solving and risk mitigation.
Ability to thrive in a fast-paced, high-stakes environment with competing priorities.

Technical skills required

Incident Management: Ability to analyze, prioritize, and manage security incidents effectively.

 

Strategic Thinking: Ability to align cyber risk initiatives with business objectives

 

Communication and Documentation: Strong ensure thorough documentation and clear communications over security operations activities.

 

Leadership and Team Management: Proven track record of building and leading high performing teams

 
 

Regulatory Compliance: Expertise in navigating banking regulations

 
Technical Knowledge: Strong knowledge with information security technologies  such as vulnerability scanning tools, and threat intelligence tools, etc.

 

Investigations: Strong knowledge with leading security investigations.

 

Cybersecurity Frameworks: Deep understanding of frameworks such as NIST Cybersecurity Framework

 

Policy and Procedure Development: Proficiency in drafting and enforcing policies, procedures, and playbooks.

 

Industry Thought Leadership: Recognized as a subject matter expert in the cybersecurity or risk management space