Cyber Security Manager - Vulnerability Management
Job description
Original text imported from Reed
Statera Talent is working on a senior Cyber Security leadership role with a well-respected global financial organisation.
This is a high-visibility position focused on leading a global vulnerability risk programme across a complex technology environment. It would suit someone who can combine technical security knowledge with strong risk judgement, stakeholder management and the ability to drive remediation across multiple teams.
The role sits around vulnerability risk, but it is broader than simply managing scan outputs. The successful candidate will help bring together security findings from across infrastructure, cloud, application security, open-source software and testing activity, then ensure the business has a clear, risk-based view of what needs to be prioritised.
The role
You will be responsible for leading and developing a vulnerability risk function across a global technology environment.
This will include improving how security findings are assessed, prioritised, tracked and reported, while working closely with security, engineering, infrastructure, application and technology teams to ensure remediation is aligned to business risk.
The role will involve:
- Leading a global vulnerability risk programme
- Bringing structure and consistency to how vulnerabilities are assessed and prioritised
- Overseeing findings from infrastructure, cloud, application security, open-source software and security testing
- Helping define what should be treated as a genuine business risk priority
- Working with technical teams to support effective remediation
- Producing clear dashboards, metrics and reporting for senior stakeholders
- Improving governance, process and visibility across the vulnerability lifecycle
- Supporting a more risk-based approach to vulnerability management
What this role is really about
- This is not just a role focused on identifying security issues.
- It is about helping the business answer:
- What are our most important security weaknesses?
- Which issues genuinely carry the greatest business risk?
- Who owns the fix?
- How quickly are issues being remediated?
- What does senior leadership need to know?
Relevant backgrounds
We are interested in speaking with people from a range of Cyber Security backgrounds. Your current job title does not need to be specifically vulnerability focused.
The key requirement is experience owning, leading or playing a significant role in vulnerability management, remediation tracking, risk prioritisation and stakeholder reporting within a sizeable or complex organisation.
Experience likely to be useful
The successful candidate is likely to have experience with some or all of the following:
- Vulnerability management across infrastructure, cloud and applications
- Risk-based prioritisation beyond basic severity scoring
- Security testing outputs such as SAST, DAST, SCA, infrastructure scanning, CSPM or penetration testing
- Working with engineering, infrastructure, application and security teams to drive remediation
- Executive-level reporting, dashboards, metrics or risk updates
- Building, improving or maturing security processes
- Leading people, projects or security programmes
- Operating in a global or enterprise-scale environment
Apply today to find out more!
Application advice
5 AI-generated recommendations to maximise your chances.
⭐ Lead your CV personal statement with explicit mention of 'global vulnerability risk programme' ownership — the advert flags this as the core mandate in the opening paragraph.
📊 Quantify your remediation impact: e.g. 'Reduced critical vulnerability backlog by 62% across 4,000 assets within 6 months' — the advert specifically asks how quickly issues are remediated.
🛠️ List each tool category explicitly (SAST, DAST, SCA, CSPM, infrastructure scanning) in a dedicated Skills section — the advert names all five and ATS will scan for them individually.
🎯 Include a bullet demonstrating executive-level reporting: e.g. 'Produced monthly risk dashboards for CISO and board, covering 3 global regions' — the advert calls out senior stakeholder visibility as a key deliverable.
🌐 Highlight experience in complex, multi-team environments (engineering, infrastructure, application, security) to show you can drive cross-functional remediation — the advert emphasises this coordination repeatedly.
Suggested CV bullets
3 bullets our AI drafted for this specific advert, mirroring its ATS keywords.
Add these 3 bullets under your most recent experience:
- Established a risk-based vulnerability prioritisation framework across 6,000 assets spanning on-premises infrastructure and three cloud platforms, reducing critical backlog by 58% within 9 months.
- Unified SAST, DAST, SCA and CSPM findings into a single governance dashboard, enabling the CISO to report on top-20 business risks to the board on a fortnightly cadence.
- Led cross-functional remediation working groups across 5 engineering and infrastructure squads, improving mean-time-to-remediate for high-severity vulnerabilities from 47 days to 18 days.
Letter preview — tailored to Statera Talent
Dear Hiring Manager,
Statera Talent's search for a Cyber Security Manager – Vulnerability Management at a global financial organisation is precisely the kind of leadership challenge I have been building towards. My experience in risk-based vulnerability prioritisation and cross-functional remediation governance maps directly to the programme maturity and executive visibility this role demands.
My background in leading vulnerability risk functions across complex, multi-cloud environments has equipped me to consolidate findings from SAST, DAST, SCA, CSPM and infrastructure scanning into a coherent, business-risk-aligned view. I have worked alongside engineering, infrastructure and application teams to enforce remediation SLAs, and have delivered monthly dashboards to C-suite stakeholders covering critical exposure trends across global technology estates. I understand that vulnerability management at this level is fundamentally a risk communication and governance challenge, not simply a scanning exercise.
Interview questions
10 questions generated from this advert.
Technical
- How do you move beyond CVSS scores to build a genuinely risk-based vulnerability prioritisation model?
- Walk us through how you would integrate findings from SAST, DAST, SCA and CSPM into a single unified risk view.
- What metrics and KPIs would you put in front of a CISO to demonstrate the health of a global vulnerability programme?
- How do you handle vulnerability ownership disputes between infrastructure, application and engineering teams?
- Describe your approach to tracking remediation SLAs at scale across a complex, multi-cloud environment.
Behavioural
- Tell me about a time you had to convince senior leadership to prioritise a security risk that was not on their radar.
- Describe a situation where you inherited a poorly structured vulnerability programme — what did you change and what was the outcome?
- Give an example of driving remediation across teams who did not report to you and had competing priorities.
- Tell me about a time a critical vulnerability required rapid escalation — how did you manage communication upwards and across teams?
- Describe how you have improved governance or process visibility within a security function and the measurable impact it had.