Senior Manager, IT - Threat and Vulnerability

Job Description
The Senior Manager of the Vulnerability and Attack Surface Management Team is a critical technical leadership role within our Information Security team with end-to-end responsibility for strategy, oversight and execution of the KraftHeinz Vulnerability Management and Attack Surface Management capabilities.
This role requires a blend of strategic vision, strong leadership, technical expertise, superb communications, outstanding analytical and critical thinking to effectively lead and guide a team of security experts.
What's on the menu?

• Continuously build and implement a strategic vision for the Vulnerability and Attack Surface Management program and its capabilities in alignment with organization's Information Security and Information Technology programs, program goals and business objectives.
• Drive all efforts crucial to ensure timely identification, analysis, and remediation of vulnerabilities across all IT assets, including applications, servers, networks, and endpoints.
• Establish and maintain strong relationships with key partners, including business capabilities, infrastructure, networking, application development, compliance, communications and other executive and non-executive leadership.
• Continuously evaluate emerging security threats, trends, and technologies for continuous analysis and improvement of the organization's vulnerability and attack surface management capabilities.
• Develop and implement processes for continuous attack surface monitoring and reduction, ensuring the organization's exposure to threats is continuously minimized and optimally protected.
• Be responsible for the configuration, operation, and maintenance of vulnerability testing and management platforms, attack surface management technologies, and other related tooling.
• Provide technical guidance and support for vulnerability assessments, penetration testing, and attack surface management activities.
• Maintain comprehensive vulnerability and attack surface management policies, standards, processes and procedures, and documentation thereof.
• Lead ongoing execution and advancement of vulnerability scanning and assessment tools, techniques, and procedures.
• Coordinate the scheduling and execution of regular vulnerability scans, assessments, and attack surface evaluations.
• Ensure timely and effective communication of vulnerability and attack surface findings to relevant stakeholders.
• Manage emergency response processes and activities related to discovered vulnerabilities and attack surface exposures in coordination with incident response and other supporting enterprise functions.
• Track and report on the status of vulnerability remediation and attack surface reduction efforts, ensuring compliance with internal policies and external regulatory requirements.
• Lead, mentor, and develop a team of vulnerability and attack surface management professionals, providing regular performance feedback and career development opportunities.
• Supervise the recruitment and onboarding of new team members, ensuring the team is staffed with skilled and motivated individuals.
• Monitor the vulnerability and attack surface management budget, including forecasting and expenditures.
• Ensure compliance with all relevant laws, regulations, and standards related to information security, vulnerability management, and attack surface management.
• Represent the vulnerability and attack surface management function in internal and external audits, assessments, and reviews.

Recipe for Success:

• I have advanced experience in information security, with at least 5 years in a hands-on vulnerability management and/or attack surface management role.
• I understand the nature of vulnerabilities and weaknesses, and can articulate detection and remediation methods for vulnerabilities to technical and non-technical audiences.
• I have expert-level understanding of vulnerability and attack surface testing and management techniques, processes and platforms.
• I have significant experience in designing, building, testing, implementing and refining workflows of varying complexity.
• I have solid understanding of common security frameworks (e.g., NIST, CIS, ISO).
• I have validated experience in leading and running security teams, with a track record of developing and implementing critical initiatives.
• I have superb communication, interpersonal, and leadership skills.
• I have relevant industry and technical training and/or certifications.

Location(s)
Toronto - Queen's Quay - Headquarters
Kraft Heinz is an Equal Opportunity Employer - Underrepresented Ethnic Minority Groups/Women/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity and other protected classes. In order to ensure reasonable accommodation for protected individuals, applicants that require accommodation in the job application process may contact [email protected] for assistance.