Senior Director, Vulnerability Management (R-17626)
Jacksonville - Florida - United States
Dun & Bradstreet
The Senior Director of Vulnerability Management is responsible for leading and evolving the global vulnerability management program for Dun & Bradstreet, a global data, analytics, and insights company. This role requires a strategic leader with deep expertise in vulnerability identification, risk assessment, remediation prioritization, and collaboration across security, IT, and business teams. The Senior Director will drive continuous improvement in the organization’s security posture by developing and executing a comprehensive, threat-informed, risk-based vulnerability management strategy aligned with industry best practices and regulatory requirements.
This individual will oversee vulnerability detection, reporting, and remediation efforts across a complex IT and cloud infrastructure, ensuring alignment with the organization’s broader cybersecurity, risk, and compliance objectives. The ideal candidate has extensive experience in vulnerability management, security operations, and leadership within large, complex environments.
Key Responsibilities:
- Define, implement, and continuously enhance the global vulnerability management strategy, ensuring it aligns with the organization’s security, risk, and compliance frameworks. Establish policies, processes, and best practices to proactively identify, assess, and mitigate vulnerabilities across cloud, on-premises, and hybrid environments.
- Develop a risk- and threat-based approach to vulnerability prioritization, considering exploitability, business impact, and regulatory requirements. Partner with Cyber Threat Intelligence (CTI) teams to incorporate real-world threat data into vulnerability assessments and remediation efforts.
- Partner with IT, DevOps, engineering, and business leaders to drive timely and effective remediation of critical vulnerabilities. Communicate risk and remediation requirements to executive leadership, ensuring alignment with business objectives.
- Develop and maintain key performance indicators (KPIs) and executive dashboards to track vulnerability management effectiveness. Provide regular updates to senior leadership and committees on vulnerability trends, remediation progress, and risk reduction efforts.
- Oversee the selection, deployment, and optimization of vulnerability scanning tools, attack surface management solutions, and security orchestration platforms. Drive automation initiatives to improve vulnerability detection, prioritization, and remediation processes.
- Ensure the vulnerability management program meets or exceeds compliance requirements, including NIST, CIS, ISO 27001, PCI-DSS, and other relevant regulatory frameworks. Support audit and regulatory inquiries by providing clear documentation and evidence of vulnerability management controls.
- Build and lead a high-performing vulnerability management team, fostering a culture of accountability, innovation, and continuous improvement. Mentor and develop talent, ensuring the team has the necessary skills and expertise to address evolving cybersecurity challenges.
Key Requirements:
- 12+ years of experience in cybersecurity or technology, with 5+ years in a leadership role overseeing vulnerability management, security operations, or risk management in a large global organization.
- Deep understanding of vulnerability management tools (e.g., Tenable, Qualys, Rapid7, Microsoft Defender, etc.), attack surface management, and threat intelligence integration. Experience with cloud security (AWS, Azure, GCP), container security, and DevSecOps practices.
- Strong familiarity with risk-based vulnerability prioritization, CVSS scoring, and frameworks such as NIST, CIS, ISO 27001, PCI-DSS, and MITRE ATT&CK. Experience working with regulatory compliance requirements and audit processes.
- Proven ability to lead and develop high-performing security teams across multiple geographies. Strong executive presence with the ability to communicate complex security risks to C-level executives and board members.
- A Bachelor’s or Master’s degree in Cybersecurity, Information Security, or Business Administration (MBA) is preferred. Industry certifications preferred.
All Dun & Bradstreet job postings can be found at https://www.dnb.com/about-us/careers-and-people/joblistings.html and https://jobs.lever.co/dnb. Official communication from Dun & Bradstreet will come from an email address ending in @dnb.com.
Notice to Applicants: Please be advised that this job posting page is hosted and powered by Lever. Your use of this page is subject to Lever's Privacy Notice and Cookie Policy, which governs the processing of visitor data on this platform.
Equal Employment Opportunity (EEO): Dun & Bradstreet provides equal employment opportunities to applicants and employees without regard to race, color, religion, creed, sex, age, national origin, citizenship status, disability status, sexual orientation, gender identity or expression, pregnancy, genetic information, protected military and veteran status, ancestry, marital status, medical condition (cancer and genetic characteristics) or any other characteristic protected by law. Know Your Rights: Workplace Discrimination is Illegal - The current poster can be found here. Pay transparency nondiscrimination statement/posting - OFCCP's pay transparency policy can be found here. We participate in E-Verify - The current poster can be found here.
Accommodations information for applicants with disabilities: Dun & Bradstreet is committed to providing reasonable accommodation to, among others, individuals with disabilities and disabled veterans. If you need an accommodation because of a disability to search and apply for a career opportunity with Dun & Bradstreet, please send an e-mail to AcquisitionT@dnb.com to let us know the nature of your accommodation request and your contact information.
Tags: Analytics Automation AWS Azure C Cloud Compliance CVSS DevOps DevSecOps GCP ISO 27001 KPIs MITRE ATT&CK NIST Privacy Qualys Risk assessment Risk management Strategy Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Health care Insurance Medical leave Parental leave Startup environment Transparency Wellness