Senior Manager of Vulnerability Management

The Senior Manager of Vulnerability Management will lead a team of cybersecurity professionals that provide continuous internal and external vulnerability scanning and reporting, continuous configuration monitoring of both on-premise and multi-cloud environments. This role will manage the external attack surface and monitor for critical vulnerabilities impacting the Cox Automotive environment and lead rapid vulnerability response efforts. The scope of this role is Cox Automotive wide and includes both enterprise and product technologies as well as both domestic and international business units.
This role will directly report to the Senior Director of Vulnerability Management and Continuous Control Monitoring.
Primary Responsibilities:

• Lead and mentor a team of cybersecurity professionals that:
• Deliver continuous scanning, identification, and reporting of the external facing attack surface throughout on-premise and cloud-based environments across both enterprise and product technologies.
• Provide continuous scanning, identification, and reporting of vulnerabilities throughout on-premise and cloud-based environments across both enterprise and product technologies.
• Manage the operations and effectiveness of the configuration security posture management and compliance capabilities for multiple hyperscaler cloud environments (AWS, Azure, OCI, etc.).
• Partner with the Security Architecture team to ensure that critical cybersecurity configurations are monitored through the cloud security posture management (CSPM) and Software as a Service security posture management (SSPM) capabilities.
• Recommend, socialize, and gain consensus on minimum patching and vulnerability mitigation standards and policies across both enterprise and product technology teams.
• When imminent threats or relevant zero-day vulnerabilities are identified, lead rapid vulnerability response efforts across the entire Cox Automotive Product and Technology Group.
• Monitor vulnerability mitigation progress and partner with engineering teams to provide recommendations for efficient risk remediation or mitigation.
• Provide regular reporting on the current state of vulnerabilities and configurations throughout the entire Cox Automotive environment including both on-premise and cloud environments globally.
• Partner with risk management, compliance, and audit teams to address regulatory and contractual requirements.
• Partner with merger and acquisition teams to ensure rapid deployment of vulnerability scanning, attack surface, and related visibility tools to acquisitions.
• Lead and coordinate large-scale information security projects, including implementation and delivery of infrastructure security scanning.
• Responsible for staying abreast of industry leading vulnerability and software security vendors and informing their product roadmaps.
• Working knowledge/experience of network systems, security principles, and applications. Fundamental understanding of defense-in-depth and intelligence-driven strategies.
• Detailed knowledge of vulnerability management, configuration management, software security, red team concepts, tools and trends.

Minimum Qualifications:

• Bachelor's degree in a related discipline and 8 years' experience required in the field of information security with a demonstrated path of increasing scope and management responsibilities. The right candidate could also have a different combination, such as a master's degree and 6 years' experience; a Ph.D. and 3 years' experience in a related field; or 12 years' experience in a related field
• 3+ years directly managing cybersecurity Vulnerability Management team/s
• Ability to drive consensus and collaboration among many diverse teams, individuals and functional groups to achieve desired business results.
• Excellent interpersonal, leadership, presentation, and collaborative skills to work effectively with teams throughout organization.
• Demonstrated track record of both project and operational delivery.
• Demonstrated knowledge and expertise in vulnerability assessment, risk management, and cybersecurity frameworks and standards (e.g., NIST, ISO, CIS, OWASP).
• Strong knowledge of vulnerability scanning and analysis and attack surface management tools (e.g., Qualys, Nessus, Rapid7, Tenable, Veracode, Shodan, etc.)
• At least one relevant industry security certification - CISSP, SANS GIAC, C|EH, CISM, CRISC, CISA.

Preferred Qualifications:

• Advanced degree (MBA / MS).
• 5+ years of experience in a senior management role.
• Cybersecurity experience in critical infrastructure industries (i.e. telecommunications, financial services, defense or government)

USD 144,900.00 - 241,500.00 per year
Compensation:
Compensation includes a base salary of $144,900.00 - $241,500.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
About Cox Automotive
At Cox Automotive, people of every background are driven by their passion for mobility, innovation and community. We transform the way the world buys, sells, owns and uses cars, accelerating the industry with global powerhouse brands like Autotrader, Kelley Blue Book, Manheim and more. What's more, we do it all with an emphasis on employee growth and happiness. Drive your future forward and join Cox Automotive today!
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.