Director Vulnerability Management (Remote)

About our Team

Our Information Security and Data Protection team acts as the center of gravity for the cybersecurity practice at Elsevier. We safeguard the confidentiality, integrity, and availability of the Company's information resources, Consumer Data, and Technology infrastructure. We carry business accountability and engage with business stakeholders to enable them to manage their risk.

About the Role

This is a leadership role reporting to the VP of Cybersecurity Governance, Risk & Compliance (GRC) that requires an individual with a deep ability to work with and coordinate projects across the Elsevier Technology Information Security and Data Protection organization, as well as Technology product owners and their customers. This role will primarily be focused on maturing the vulnerability management and security assurance functions within the GRC team. This role will work closely with technology partners, business stakeholders and other parts of the security organization including the Business Information Security Officers (BISOs) to identify, prioritize and oversee the remediation of vulnerabilities.

Qualifications

• 12+ years of IT Security experience
• 5+ years of people management experience
• Extensive experience in developing and managing a vulnerability management function

• Experience working in Security assurance
• Demonstrated business acumen
• Strong analytical and critical thinking skills, and excellent written and oral communication & presentation skills
• Proven ability to develop talent and assemble a highly effective team
• Highly collaborative with ability to articulate ideas and influence peers and senior leaders

• Education Level: Bachelor's Degree or Equivalent

Key Responsibilities:

• Design and implement a robust vulnerability management program to aid the rest of the organization in taking a risk-based approach to vulnerability management.
• Establish effective direction, vision, requirements, improvements, and measurements for the vulnerability management and security assurance functions.

• Develop and oversee policy standards and implementation strategies as they relate to vulnerability and security assurance governance and management.
• Provide advisory services to BISO's to assist in the prioritization and remediation of open items.
• Lead response efforts on critical vulnerability response Lead communication and upwards reporting of the highest risks to executive leadership.
• Work with audit, risk, compliance, and regulatory partners as needed.
• Collaborate with technology teams and other security functions to put in place action plans for vulnerability resolution

• Ensure meaningful vulnerability reports are regularly distributed to key stakeholders
• Develop methods to improve the effectiveness of team operations
• Serve as a trusted advisor to the business and technology stakeholders across the enterprise to partner on security vulnerabilities and stay aligned on common goals.
• Engage technology, security, and business stakeholders to create awareness and alignment of key vulnerabilities.
• Maintain communication with peers throughout the organization and security contacts including Business Units and subsidiary locations; survey clients to determine appropriate communication methods; and deliver solutions to help raise awareness of the vulnerability management program.

• Manage global teams across multiple physical locations including work assignment and tracking, career development and mentoring and carry out management responsibilities in accordance with the organization's policies, procedures, and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; and addressing complaints and resolving problems.

Technical Skills:

• Hands on experience in both vulnerability management and security assurance.

• Understanding of networking, web-based content delivery platforms and personal computing filesystem operation, architecture, patching and security.
• Advanced skills in setting, communicating, implementing, and achieving business objectives and goals through the direct management of others.
• Planning: Advanced organization/project planning, time management, and change management skills across multiple functional groups and departments, and advanced delegation skills involving prioritizing and reprioritizing projects and managing projects of various size and complexity.
• Problem Solving: Excellent problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making.
• Collaborating: Excellent communication (verbal and written) and customer service skills. Strong interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management, customers, etc., including diction/terminology and presenting information in a concise and effective manner to clients, management, and various departments using assorted communication mediums.

• Excellent stakeholder management skills. Ability to cultivate and maintain solid relationships with the leadership of other teams and third-party vendors. Represents the Security team to customers and other managers within department.
• Generate regular reporting including KPIs, metrics and SLAs reporting, executive reporting, and other ad hoc reporting as required by management.
• Documented experience with process mapping, process improvement, and automation

Preferred Qualifications

• CISSP or CISM

Working with us

We are an equal opportunity employer with a commitment to help you succeed. Here, you will find an inclusive, agile, collaborative, innovative and fun environment, where everyone has a part to play. Regardless of the team you join, we promote a diverse environment with co-workers who are passionate about what they do, and how they do it.

At Elsevier, we know that your wellbeing and happiness are key to a long and successful career. These are some of the benefits we are delighted to offer:

• Comprehensive, multi-carrier health plan benefits
• Disability insurance
• Dependent Care and Commuter Spending Accounts
• Life and Accident Insurance
• Retirement Benefits (Salary Investment Plan/Employer Stock Purchase Plan)

• Modern Family Benefits, including adoption and surrogacy

Working for you

About Us

A global leader in information and analytics, we help researchers and healthcare professionals advance science and improve health outcomes for the benefit of society. Building on our publishing heritage, we combine quality information and vast data sets with analytics to support visionary science and research, health education and interactive learning, as well as exceptional healthcare and clinical practice. At Elsevier, your work contributes to the world's grand challenges and a more sustainable future. We harness innovative technologies to support science and healthcare to partner for a better world.

Join Us

PURPOSEFUL WORK
When you work with us, your work matters. You are part of an organization that nurtures your curiosity to stimulate innovation for the communities that we serve.

GROWING EVERY DAY
Like the communities we serve, you are on a constant path of discovery to shape your career and personal development.

COLLEAGUES WHO CARE
You will be part of the Elsevier family. We will support your well-being and provide the flexibility you need to thrive at work and home.

Together, we create possibilities.

Elsevier is an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. If a qualified individual with a disability or disabled veteran needs a reasonable accommodation to use or access our online system, that individual should please contact [email protected] or if you are based in the US you may also contact us on 1.855.833.5120.

Please read our Candidate Privacy Policy