Eleven Recruiting
Vulnerability Management and Cyber Controls Lead
Eleven Recruiting, New York, New York, us, 10261
Our client, a global investment firm, is seeking a Vulnerability Management and Cyber Controls Lead to join their team in New York City, Miami, or Los Angeles.

Responsibilities
- Own and mature the global Vulnerability Management program, covering external exposure, imminent threats, vulnerability identification and prioritization, and remediation facilitation.
- Serve as the technical subject matter expert for vulnerability management tools and processes (e.g., Tenable, Qualys, Rapid7, or equivalent).
- Continuously assess and improve VM processes to achieve best-in-class coverage, efficiency, and visibility.
- Leverage automation, analytics, and threat intelligence to enhance accuracy and reduce remediation timelines.
- Operate and optimize scanning platforms, discovery tooling, and reporting pipelines to ensure comprehensive asset visibility.
- Partner with Infrastructure, Engineering, Application, and Cloud teams to drive effective risk reduction across environments.
- Lead critical vulnerability identification and response exercises, including analysis of zero-day or imminent threats.
- Develop and maintain metrics, dashboards, and executive-level reporting on vulnerability posture, remediation progress, and program maturity.
- Collaborate with Enterprise Risk, Internal Audit, and Application Security teams to ensure alignment with firm-wide risk management practices.
- Maintain ownership of service delivery quality, issue resolution, and stakeholder communication.
- Stay current with industry trends, threat intelligence, and evolving tools to proactively strengthen the firm's defenses.

Qualifications
- 7+ years of experience in Cybersecurity, Infrastructure Security, or Vulnerability Management.
- Technical proficiency across network, system, and application layers including scanning methodologies, asset discovery, and exploit analysis.
- Hands-on experience operating and tuning vulnerability management tools (e.g., Tenable.io, Qualys VMDR, Rapid7 InsightVM) and discovery utilities (e.g., Nmap, SSLScan, Shodan, or custom scripts).
- Experience leveraging threat intelligence and CVSS/CISA/EPSS data for vulnerability prioritization.
- Strong understanding of cloud infrastructure (AWS, Azure, GCP) and modern application stacks.
- Proficiency in scripting or automation (e.g., Python, PowerShell, Bash) and query-based data analysis (SQL, Excel, or equivalent).
- Demonstrated success in building and optimizing technical processes at scale; experience designing metrics, dashboards, and analytics (Tableau, PowerBI, or similar).
- Ability to partner across technical and business teams, influence remediation activities, and communicate risk in clear, actionable terms.
- Knowledge of IT processes, secure configuration baselines, and control frameworks (CIS, NIST, ISO, FFIEC).
- Experience in financial services or other highly regulated environments preferred.
- Consulting or architecture background a plus.

What You'll Bring
- A builder's mindset, motivated to design, enhance, and automate.
- Strong technical curiosity and analytical rigor.
- A collaborative, proactive approach to problem-solving.
- A focus on measurable improvement, not just compliance.

Pay Rate: $70.00 - $110.00/hr
Seniority level
Mid-Senior level
Employment type
Contract
Job function
Information Technology
Industries
Investment Management