Vulnerability Management Manager

The University of Southern California (USC) Department of Information Technology Services (ITS) is seeking a Vulnerability Management Manager with an exceptional commitment to service excellence to join its team.

As the Vulnerability Management Manager, you will be an integral member of the Security Operations team of the Office of the CISO.  

The Vulnerability Management Manager drives vulnerability management strategies and goals by building a robust vulnerability management program through mentorship of the VM team and relationships with stakeholders. The VM Manager will develop and maintain strong partnerships with university stakeholders, including senior leadership, through strategy design and delivery to ensure end-to-end vulnerability remediation. As the operational leader of the VM team, the Manager directs vulnerability assessments and penetration tests, assists with strategic planning, supports compliance and risk management activities, and pushes for improvements to mitigate risk.  This is an exciting opportunity to lead a large and complex VM program. 

THE WORK YOU WILL DO

The Vulnerability Management Manager will:

• Ensures continuous vulnerability lifecycle management within the university, detecting, monitoring, reporting, and assessing impact on vulnerability-related data from internal/external sources. Develops and drives remediation strategies to address vulnerabilities and reduce attack surface. Assists with strategic planning, driving improvements and providing input on capabilities and methods for vulnerability management and security testing. Supports compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks.
• Develops and maintains strong partnerships to drive end-to-end vulnerability remediation, ensure consistent customer experience, broaden awareness and use of services, and educate users on security best practices integrated in key areas. Partners with IT teams to assess potential negative impacts of remediation and apply compensating/mitigating controls. Provides communications across the organization, interfacing with senior leadership, driving security hardening best practices, and representing the vulnerability management team with customers and partners.
• Drives requirements definition, evaluation, recommendation, implementation, and troubleshooting of vulnerability management tools. Develops security testing capabilities and directs ongoing vulnerability assessments and penetration tests. Assesses current and emerging threats, cyberattacks, and zero-day vulnerabilities that pose risks to the university. Notifies partners on threats and vulnerabilities to reduce the attack surface.
• Leads and supports vulnerability management team, establishing team and individual goals that support overall objectives. Coaches, mentors, and provides career development guidance. Establishes daily operations, regular communications, and resource planning, providing guidance, relaying expectations and leading team initiatives and activities. Recruits, screens, hires, trains and directly supervises all assigned subordinate staff. Evaluates employee performance. Counsels, disciplines and/or terminates employees, as required.
• Maintains awareness and knowledge of current changes within legal, regulatory, and technological environments which may affect operations. Ensures senior management and staff are informed of any changes in a timely manner. Establishes and maintains network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
• Promotes an environment that fosters inclusive relationships and creates unbiased opportunities for contributions through ideas, words, and actions that uphold principles of the USC Code of Ethics. Recommends departmental goals and objectives (e.g., workforce planning, compensation). Reassesses or redefines priorities as appropriate in order to achieve performance objectives.

MINIMUM QUALIFICATIONS

• Bachelor’s degree or combined experience/education as substitute for minimum education
• 7 years’ of directly related experience in information security management and knowledge of internet security and networking protocols, which includes
• 3 years’ experience leading a vulnerability management program, with the ability to prioritize projects and deliverables. Demonstrated understanding of vulnerability management and security testing practices and methodologies. Experience building infrastructure and application vulnerability management programs.
• Thorough knowledge of cloud computing and security issues related to cloud environments.
• Ability to evaluate business risks and recommend appropriate information security measures. Proven understanding of common vulnerability frameworks (e.g., CVSS, OWASP Top 10).
• Experience in configuration management of vulnerability assessment tools and static/dynamic application security testing. Understanding of system, application, and database-hardening techniques and practices.
• Ability to quickly adapt as the external environment and organization evolves.
• Ability to interact effectively at all levels of an organization and across diverse cultural and linguistic barriers. Project management experience. Excellent written and oral communication skills.

PREFERRED QUALIFICATIONS

• Advanced degree in a related field.
• 10 or more years of related experience.
• Experience in penetration testing.
• Experienced in presenting to large groups with confidence and polished presentation skills.
• Working toward or has CISSP, CISSP-ISSMP, CISM, and/or CRISC certifications.

THE ITS TEAM

The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential.  We are looking for top talent to join us on our journey.

ITS CULTURE

USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services that are core to the mission of the university. We are also committed to creating and maintaining meaningful partnerships across the university. At ITS, we act with integrity in the pursuit of excellence; embrace diversity, equity, and inclusion; promote well-being; engage in open two-way communication, and are accountable for living our values. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.

ABOUT USC

USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance. USC values diversity and is committed to equal opportunity in employment.

Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence. Apply today!

Minimum Education:
Bachelor’s degree. Combined experience/education as substitute for minimum education.

Minimum Experience: 7 years

Minimum Field of Expertise: Extensive experience in information security management and knowledge of internet security and networking protocols. Two years’ experience leading a vulnerability management program, with the ability to prioritize projects and deliverables. Demonstrated understanding of vulnerability management and security testing practices and methodologies. Thorough knowledge of cloud computing and security issues related to cloud environments. Ability to evaluate business risks and recommend appropriate information security measures. Proven understanding of common vulnerability frameworks (e.g., CVSS, OWASP Top 10). Ability to quickly adapt as the external environment and organization evolves. Experience in configuration management of Nexpose and AppScan. Understanding of system, application, and database-hardening techniques and practices. Ability to interact effectively at all levels of an organization and across diverse cultural and linguistic barriers. Project management experience. Excellent written and oral
communication skills.