The Head of Vulnerability Management will serve as the leader for a team responsible for our cyber vulnerability management program Focusing on:
o Designing and driving strategy and tactical plans toward holistic vulnerability management across multiple technology teams
o Assessing and developing governance, reporting, scanning tool architecture, ticketing systems, and communication packages
o Risk-based vulnerability prioritization, reporting, and developing remediation steps
o Developing and workshopping processes and runbooks for vulnerability identification, analysis, remediation, and reporting
This ideal candidate will drive strategic decisions and direction of this cyber security program for the bank by managing deliverables for the team against expected results with a focus on operational and tactical activities that align to functional objectives. You will oversee and lead communications with audit, governance, and regulatory bodies for effective communication of program function, performance and goals. You will make judgments about priorities and the team's approach to work based on an understanding of how the team contributes to the achievement of broader objectives. Evaluate and review current processes and procedures, identifying opportunities for improvement and driving change, as necessary. Adapts plans to meet service and/or operational challenges. May play lead role or technical consultant role in large or complex projects or initiatives. Has full management responsibilities for teammates: hiring, disciplinary, coaching, terminating, performance reviews. Provide career development and training opportunities for teammates to drive overall improvement and mission effectiveness of the cyber security program.
Minimum Requirements: Bachelor’s Degree and five years of experience in a relevant information security role. Capability and desire to provide direction and mentorship to teammates, peers and senior leaders. Demonstrated ability to translate technical security information into business contexts to clearly articulate scope and impact related to cyber security events, strategies, and methodologies. In-depth, practical knowledge of information systems and ability to identify, apply, implement and drive cyber security best practices in an enterprise environment. Effective verbal and written communication skills for the purpose of driving the implementation of best practice recommendations and influencing business decisions. Demonstrated ability to collaborate and work effectively in a team environment. Strong time management skills and ability to manage priorities effectively.
Preferred Requirements: Hands-on experience in one or more aspects of cyber security such as: incident management; network, host or application security; intrusion analysis; malware analysis; vulnerability management & penetration testing; digital forensics or eDiscovery; threat intelligence; software security. Advanced knowledge of one or more cyber security controls and/or tools such as: SIEM, IDS/IPS, Endpoint controls, cloud security, Antivirus, anti-spam filtering, operating system security (Windows & Linux), network security technologies, penetration testing toolsets, software security tools, vulnerability management tools, threat intelligence platforms, or digital forensics and live memory forensics platforms. Prior leadership experience in a cyber-security-specific role. Strong record of success in prior endeavors protecting the organization, clients and teammates from cyber threats. Preferred certifications include but are not limited to: GCIA, GCIH, GCFA, GPEN, CEH, CISSP, CISA, CISM.
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national originTo review the EEO Poster, copy and paste the following link into your browser: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf