Manager: Threat & Vulnerability Management

The Threat & Vulnerability Team Manager will be leading critical support for the Information Security’s vulnerability management program (VM) for both the on-prem & cloud environments managed by One Main Financial (OMF). They will help create a robust proactive approach for preventing unauthorized access, changes, or exploitation of vulnerabilities through mitigation, active defenses, and automated responses. The VM team’s portfolio of activities includes providing vulnerability detection and remediation oversight, vulnerability research, secure baseline compliance, web application security, host-based security, network security, and acting as security subject matter experts for all the organization.

Our Cybersecurity team works remotely; however, you should live within driving distance to a corporate office for the occasional office connectivity days. Office locations including Baltimore, Wilmington DE, Charlotte NC, Dallas/Fort Worth, Evansville, IN, and Chicago. 

Required TVM Technical Competencies

• Extensive knowledge and hands-on experience with a variety of Vulnerability Management Tools such as Tenable, DB Protect, Netsparker, Qualys, etc.

• Expert knowledge of the Vulnerability Management lifecycle

• Proven track record of designing, implementing, and managing a successful Threat & Vulnerability Management Program

• Strong knowledge of networking, operating systems, databases, and web applications

• Strong knowledge of cybersecurity operations (Cyber Threat Intelligence, Penetration testing, & Incident Response)

• Deep knowledge and experience of performing both manual and automated asset discovery and enumeration

• Deep knowledge and experience of systematic and data-driven asset prioritization

• Expert knowledge and successful application of risk management frameworks

• Required TVM Management Competencies

• Track record of leading enterprise-level vulnerability management teams with a history of increasing responsibility

• Expert project management skills

• Ability to explain vulnerability management concepts to a wide range of audiences verbally and in writing

• Expertise in developing and improving vulnerability management operations and processes

• Strong interpersonal skills and the ability to collaborate with a variety of stakeholders to ensure vulnerability management compliance

• Expert problem solving and critical thinking skills

• Proactive disposition and ability to execute on leadership vision with minimal oversight

Additional Responsibilities

• Perform Project/Team Management activities, including assigning tasks, 1-1 coaching, upskilling junior team members, performance evaluations, etc.

• Lead the redesign, build and day-to-day operations of the vulnerability management (VM) team to include standardization of processes and managing customer expectations.

• Effectively manage a team of vulnerability management professionals who are focused on proactively preventing the exploitation of IT vulnerabilities that exist across the OMF environments.

• Successfully assign and complete VM projects, tasks, and\or initiatives on time and to vulnerability management standards.

• Track all team projects, tasks, and/or initiatives in a centralized location (e.g., Microsoft Lists, Jira, etc.) and provide a reportable schedule.

• Drive actionable metrics which help ensure the team reduce the time and resources needed to detect, investigate, analyze and remediate vulnerabilities.

• Manage performance of risk‐based assessments of current and emerging information security issues to support the mission by prioritizing remediation efforts.

• Proactively delegate support of regular vulnerability, compliance/configuration, database, and web application scanning.

• Apply effective problem solving and critical thinking skills to evaluate applicable solutions, conduct pilot/evaluations for proof of concepts and ultimately implement better mitigating controls.

• Research current and emerging information security exploits, threats, and vulnerabilities and disseminate contextual information to appropriate stakeholders.

• Facilitate exception handling, waiver processing and escalations as needed.

• Maintain regular communication with security leaderships on process optimization, tools tuning and resetting of VM priorities as business needs prudently recommend.

Minimum Qualifications

• Bachelor's degree and 8+ years of related work experience; or a graduate degree and approximately 7-8 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major

• A minimum of 6+ years of professional work experience in cybersecurity with at least 5 years in Vulnerability Management.

• 3 or more years managing\supervising a team of vulnerability management professionals.

• Knowledge of general security concepts and methods such as vulnerability assessments, data classification, privacy assessments, incident response, security policy creation, enterprise security strategies, architectures, and governance.

• Experience in process definition, workflow design and process mapping

• Excellent interpersonal, written/verbal communication and leadership skills with the ability to make recommendations to all levels of the organization.

Target base salary range is $100k - $120k, which is based on various factors including skills, work experience, and location. In addition to base salary, this role is eligible for a competitive additional compensation program that is based on individual and company performance.

Who we Are

OneMain Financial (NYSE: OMF) is the leader in offering nonprime customers responsible access to credit and is dedicated to improving the financial well-being of hardworking Americans. Since 1912, we’ve looked beyond credit scores to help people get the money they need today and reach their goals for tomorrow. Our growing suite of personal loans, credit cards and other products help people borrow better and work toward a brighter future.

Driven collaborators and innovators, our team thrives on transformative digital thinking, customer-first energy and flexible work arrangements that grow lives, careers and our company. At every level, we’re committed to an inclusive culture, career development and impacting the communities where we live and work. Getting people to a better place has made us a better company for over a century. There’s never been a better time to shine with OneMain.

Because team members at their best means OneMain at our best, we provide opportunities and benefits that make their health and careers a priority. That’s why we’ve packed our comprehensive benefits package for full- and some part-timers with: 

• Health and wellbeing options for team members and their dependents

• Up to 4% matching 401(k)

• Employee Stock Purchase Plan (10% share discount)

• Tuition reimbursement

• Continuing education

• Bonus eligible

• Paid time off (15 days’ vacation per year, plus 2 personal days, prorated based on start date)

• Paid holidays (7 days per year, based on start date)

• Paid volunteer time (3 days per year, prorated based on start date)

• And more

#LI-DWB

OneMain Holdings, Inc. is an Equal Employment Opportunity (EEO) employer. Qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship status, color, creed, culture, disability, ethnicity, gender, gender identity or expression, genetic information or history, marital status, military status, national origin, nationality, pregnancy, race, religion, sex, sexual orientation, socioeconomic status, transgender or on any other basis protected by law.