Job Description
The Senior Manager of the Vulnerability and Attack Surface Management Team is a critical technical leadership role within our Information Security team with end-to-end responsibility for strategy, oversight and execution of the Kraft Heinz Vulnerability Management and Attack Surface Management capabilities.
This role requires a blend of strategic vision, strong leadership, technical expertise, superb communication, and outstanding analytical and critical thinking skills to effectively lead and guide a team of security experts.
What's on the menu?
- Continuously build and implement a strategic vision for the Vulnerability and Attack Surface Management program and its capabilities in alignment with the organization's Information Security and Information Technology programs, program goals and business objectives.
- Drive all efforts crucial to ensure timely identification, analysis, and remediation of vulnerabilities across all IT assets, including applications, servers, networks, and endpoints.
- Establish and maintain strong relationships with key partners, including business capabilities, infrastructure, networking, application development, compliance, communications and other executive and non-executive leadership.
- Continuously evaluate emerging security threats, trends, and technologies for continuous analysis and improvement of the organization's vulnerability and attack surface management capabilities.
- Develop and implement processes for continuous attack surface monitoring and reduction, ensuring the organization's exposure to threats is continuously minimized and optimally protected.
- Be responsible for the configuration, operation, and maintenance of vulnerability testing and management platforms, attack surface management technologies, and other related tooling.
- Provide technical guidance and support for vulnerability assessments, penetration testing, and attack surface management activities.
- Maintain comprehensive vulnerability and attack surface management policies, standards, processes and procedures, and documentation thereof.
- Lead ongoing execution and advancement of vulnerability scanning and assessment tools, techniques, and procedures.
- Coordinate the scheduling and execution of regular vulnerability scans, assessments, and attack surface evaluations.
- Ensure timely and effective communication of vulnerability and attack surface findings to relevant stakeholders.
- Manage emergency response processes and activities related to discovered vulnerabilities and attack surface exposures in coordination with incident response and other supporting enterprise functions.
- Track and report on the status of vulnerability remediation and attack surface reduction efforts, ensuring compliance with internal policies and external regulatory requirements.
- Lead, mentor, and develop a team of vulnerability and attack surface management professionals, providing regular performance feedback and career development opportunities.
- Supervise the recruitment and onboarding of new team members, ensuring the team is staffed with skilled and motivated individuals.
- Monitor the vulnerability and attack surface management budget, including forecasting and expenditures.
- Ensure compliance with all relevant laws, regulations, and standards related to information security, vulnerability management, and attack surface management.
- Represent the vulnerability and attack surface management function in internal and external audits, assessments, and reviews.
Recipe for Success:
- I have advanced experience in information security, with at least 5 years in a hands-on vulnerability management and/or attack surface management role.
- I understand the nature of vulnerabilities and weaknesses, and can articulate detection and remediation methods for vulnerabilities to technical and non-technical audiences.
- I have an expert-level understanding of vulnerability and attack surface testing and management techniques, processes and platforms.
- I have significant experience in designing, building, testing, implementing and refining workflows of varying complexity.
- I have a solid understanding of common security frameworks (e.g., NIST, CIS, ISO).
- I have validated experience in leading and running security teams, with a track record of developing and implementing critical initiatives.
- I have superb communication, interpersonal, and leadership skills.
- I have relevant industry and technical training and/or certifications.
Location(s)
Toronto - Queen's Quay - Headquarters
Kraft Heinz is an Equal Opportunity Employer - Underrepresented Ethnic Minority Groups/Women/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity and other protected classes. In order to ensure reasonable accommodation for protected individuals, applicants that require accommodation in the job application process may contact [email protected] for assistance.
What We Do
At the heart of this journey is our ambition to create an enterprise where powerful AI solutions augment humans and where small mission-based teams are in relentless pursuit to solve tangible problems for our consumers, customers, and the enterprise. That ambition requires us to create a modern cloud and data ecosystem, one of a kind, that becomes the neural network of our company. We want you to bring your tech-self to us. We use Python, R, Spark, React, Tableau, Snowflake, Azure, and others to solve the problem at hand. In turn, you can look forward to high-impact challenges, no bureaucracy, entrepreneurial small teams, and a unique opportunity to create and build something bold, awesome, and impactful – all while honoring our 150-year heritage and a portfolio of 200 iconic and emerging brands!
Why Work With Us
Our ambition is to become a best-in-class Digital leader by making data-driven investments that drive smarter business decisions. You’ll invent the next wave of augmented intelligence products where software & humans work side-by-side to rethink every aspect of our company. You’ll make an imprint & leave your legacy on every part of our business.
Kraft Heinz Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
We also believe providing a more flexible and agile model is essential in today’s workplace. A majority of our office-based employees will be able to work remotely for up to two days each week.