Manager Vulnerability Management

Description

Position Overview
At Citizens, we’re more than a bank and as a part of our team you’re made ready for a fulfilling career with exciting new challenges and opportunities to stretch yourself! The Manager, Vulnerability Management will lead the enterprise-wide strategy for identifying, tracking, and remediating vulnerabilities across Citizens' infrastructure, cloud environments, and APIs. This leader will build strong partnerships across teams to ensure vulnerabilities are effectively mitigated and remediated in alignment with the bank’s Cybersecurity Policy and risk-based priorities.

This role requires strong leadership, deep technical acumen, and the ability to collaborate cross-functionally with technology, business, audit, and compliance stakeholders. The leader will also maintain a focus on developing meaningful metrics and ensuring transparency with Federal Regulators, enterprise risk, and audit teams.

Key Responsibilities

• Vulnerability Identification and Remediation:
  • Lead the enterprise-wide vulnerability management program, including infrastructure, cloud (AWS/Azure), APIs, and containers.
  • Drive risk-based remediation strategies across the bank, ensuring timely resolution of vulnerabilities.
• Technical Oversight:
  • Oversee tools and platforms like vulnerability scanners, patch management systems, and configuration management tools.
  • Ensure alignment with frameworks such as CIS, NIST, CVSS, and industry best practices.
• Cloud and Infrastructure Leadership:
  • Provide oversight of cloud and on-premises vulnerability remediation efforts, including automation of vulnerability detection and reporting.
  • Partner with infrastructure and development teams to integrate security into DevOps pipelines (DevSecOps).
• Collaboration and Metrics:
  • Develop meaningful KPIs to measure remediation effectiveness and track the bank’s risk posture.
  • Liaise with Federal Regulators, Internal and external audit, enterprise risk, compliance, and executives to provide transparency of the bank's security posture.
  • Communicate vulnerability risk and progress to senior leadership.
  • Build and nurture strong relationships with infrastructure, cloud, and application teams.
• Team Leadership:
  • Manage and develop a team of vulnerability analysts and engineers, fostering a culture of innovation and collaboration.

Required Experience and Skills

• 10+ years of technical security experience, with a focus on vulnerability management, infrastructure, and cloud security.
• 5+ years of leadership experience, including managing managers.
• Deep technical expertise in cloud environments (AWS, Azure), infrastructure hardening, and API security.
• Experience with tools like Nessus, Tenable, Qualys, or similar vulnerability management platforms.
• Strong understanding of risk management frameworks (NIST 800, CIS benchmarks).
• Demonstrated experience driving vulnerability remediation across large enterprise environments.
• Excellent communication skills to present technical concepts to non-technical audiences and face off with regulators.
• Solid understanding of CVSS, CVE, CWE, CPE, OVAL, SCAP, and other vulnerability standards.

Education and Certifications

• A bachelor’s degree in Computer Science, Computer Engineering or a related discipline

Preferred Certifications

• CISSP, CISM, CISA, GPEN, or equivalent.

Pay Transparency

The salary range for this position is $175,000 - $210,000 per year  plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.  

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens), provides equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability, or history or record of a disability, ethnicity, gender, gender identity or expression, transgendered and transitioning individuals, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day and where all are expected to be treated with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. We perform our best so we can do more for our customers, colleagues, communities and shareholders.