Manager, Vulnerability & Data Security

About the Role

As the leader of the vulnerability management program, the Manager will be responsible for developing and implementing strategies to reduce risk, building preventative controls, and driving remediation efforts. This role requires a deep understanding of cloud security architectures, vulnerability management tools, and data protection regulations.

What You Will Do

• Lead the development and implementation of the vulnerability management program, including asset coverage, scanning cadence, prioritization, and measurable risk reduction
• Integrate vulnerability findings into engineering backlogs with clear SLAs and partner with SRE, platform, and application teams to drive remediation
• Establish risk-based prioritization, including CVSS, KEV, EPSS, exploitability, and business criticality, and publish dashboards for transparency to leadership
• Mature patching and configuration baselines, build preventative controls, and secure-by-default guardrails
• Coordinate vulnerability disclosure, pen test intake, and threat-driven campaigns for actively exploited CVEs
• Report program health, trends, and exceptions to security leadership and auditors
• Establish clear data ownership and stewardship across critical datasets, define roles, responsibilities, and decision rights
• Define and enforce data classification, access, and usage policies, driving best practices and guardrails for least privilege and segregation of duties
• Operationalize Sentra (DSPM) and Google DLP to monitor data exposure and access risks, drive timely remediation with accountable teams

What We Are Looking For

• 7-10+ years of experience in information security, with 3+ years of experience leading programs or teams
• Hands-on experience managing vulnerabilities at scale with Tenable and Snyk across cloud-native, containers, endpoints, and CI/CD
• Practical experience building and maturing data security programs with Sentra (DSPM) and Google DLP, with strong policy design and enforcement
• Experience partnering with engineering, data, and compliance teams to drive risk reduction and implement controls
• Familiarity with PCI and SOX regulations, as well as SDLC, DevSecOps, and cloud security architectures (AWS/GCP/Azure)
• Excellent communication and reporting skills, with the ability to translate risk into actionable plans and measurable outcomes
• Certifications such as CISSP or CISM are a plus

Nice to Have

• Experience with IAM/IGA, SIEM, CNAPP, and ticketing/workflow integrations
• Solid grasp of data governance concepts, including stewardship and lineage
• Knowledge of cloud security architectures and vulnerability management tools

Benefits and Perks

• Competitive salary and benefits package
• Flexible work arrangements, with the option to work remotely
• Opportunities for professional growth and development
• Access to cutting-edge technologies and tools
• Collaborative and dynamic work environment
• Comprehensive health insurance and wellness programs
• Generous PTO and holiday package
• Remote stipend and home office setup support

• Make sure to highlight your experience with vulnerability management tools, such as Tenable and Snyk, and your understanding of data protection regulations.
• Showcase your ability to partner with cross-functional teams, including engineering, data, and compliance, to drive risk reduction and implement controls.
• Be prepared to provide examples of your experience with cloud security architectures and data governance concepts.
• Review the company's technology stack and be prepared to discuss your experience with similar tools and systems.
• Consider including certifications, such as CISSP or CISM, to demonstrate your expertise in information security.
• Prepare to discuss your experience with data classification, access, and usage policies, and your ability to enforce these policies in a cloud-based environment.