Head of Vulnerability & Business Information Risk Management

Overview:
We are seeking a highly skilled and strategic leader to join our organization as the Head of Vulnerability & Business Information Risk Management. In this role, you will be responsible for overseeing and enhancing our vulnerability management program and application security practices. You will lead a team of experts to identify, assess, prioritize, and mitigate vulnerabilities across our systems and applications, ensuring the integrity and security of our technology infrastructure.

Key Responsibilities

• Leadership and Strategy:
  • Develop and execute a comprehensive vulnerability management strategy aligned with organizational goals and industry best practices.
  • Provide strategic direction and vision for application security initiatives, integrating security into the software development lifecycle (SDLC).
• BISO and Enterprise Advisory Services:
  • Working closely with business leaders, technology leaders, and privacy professionals to assure the organization meets current standards, complies with regulatory requirements, and addresses the future direction of the business.
• Team Management:
  • Lead and mentor a team of vulnerability management and application security professionals, fostering a culture of excellence, innovation, and collaboration.
  • Define roles, responsibilities, and career development paths within the team to promote growth and maximize performance.
• Vulnerability Assessment and Remediation:
  • Oversee the identification, assessment, and prioritization of vulnerabilities across infrastructure, networks, and applications.
  • Implement effective remediation strategies and controls to mitigate identified vulnerabilities promptly.
• Application Security Governance:
  • Establish and enforce application security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry standards (e.g., OWASP).
  • Conduct regular security assessments and audits of applications to identify security gaps and recommend solutions.
  • Work with developers and architects to ensure security is appropriately built in the development cycle. Coordinate the performance of internal and external network and systems vulnerability assessments and penetration tests.
• Collaboration and Communication:
  • Collaborate with cross-functional teams including IT operations, development, architecture, and risk management to integrate security into the overall IT strategy.
  • Communicate security risks and recommendations to senior leadership and stakeholders, advocating for necessary investments and resources.
• Incident Response and Continuous Improvement:
  • Develop and maintain incident response plans and procedures related to vulnerabilities and application security incidents.
  • Drive continuous improvement initiatives to enhance the effectiveness and efficiency of vulnerability management and application security processes.

Required Skills and Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field; advanced degree preferred.
• Proven experience (8+ years) in vulnerability management, application security, or related cybersecurity roles, with at least 5 years in a leadership capacity.
• Deep technical expertise in vulnerability assessment tools, application security testing methodologies, and threat modeling.
• Strong understanding of regulatory requirements, compliance frameworks (e.g., PCI-DSS, GDPR), and industry standards (e.g., NIST, ISO 27001).
• Demonstrated ability to develop and execute strategic initiatives, manage budgets, and drive organizational change.
• Excellent communication skills, with the ability to articulate complex technical concepts to non-technical stakeholders and influence decision-making at all levels.
  

Preferred Qualifications:

• Industry certifications such as CISSP, CISM, CEH, or GIAC certifications (e.g., GPEN, GWAPT).
• Experience with cloud security architecture and technologies (e.g., AWS, Azure, GCP).
• Knowledge of DevSecOps principles and practices, including automation of security testing and monitoring.

#LI-MC1

MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.