Head of Vulnerability & Business Information Risk Management
Boston, Massachusetts; Springfield, Massachusetts; New York, New York
Job ID: R16460
Overview
A career with us means you’ll help our customers secure their future and protect the ones they love. It also means you’ll work alongside exceptional people and be empowered to reach your professional and personal goals. Our employees are at the foundation of what makes MassMutual a strong, stable, and ethical business.
Our culture embodies the idea that we all are stronger and better through our support for one another. By valuing people for who they are, how they think, and what they bring to the table, we’ve become a better, more innovative company.
We invite you to explore the possibilities.
What our employees say
Job Description
Overview:
We are seeking a highly skilled and strategic leader to join our organization as the Head of Vulnerability & Business Information Risk Management. In this role, you will be responsible for overseeing and enhancing our vulnerability management program and application security practices. You will lead a team of experts to identify, assess, prioritize, and mitigate vulnerabilities across our systems and applications, ensuring the integrity and security of our technology infrastructure.
Key Responsibilities
- Leadership and Strategy:
- Develop and execute a comprehensive vulnerability management strategy aligned with organizational goals and industry best practices.
- Provide strategic direction and vision for application security initiatives, integrating security into the software development lifecycle (SDLC).
- BISO and Enterprise Advisory Services:
- Working closely with business leaders, technology leaders, and privacy professionals to assure the organization meets current standards, complies with regulatory requirements, and addresses the future direction of the business.
- Team Management:
- Lead and mentor a team of vulnerability management and application security professionals, fostering a culture of excellence, innovation, and collaboration.
- Define roles, responsibilities, and career development paths within the team to promote growth and maximize performance.
- Vulnerability Assessment and Remediation:
- Oversee the identification, assessment, and prioritization of vulnerabilities across infrastructure, networks, and applications.
- Implement effective remediation strategies and controls to mitigate identified vulnerabilities promptly.
- Application Security Governance:
- Establish and enforce application security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry standards (e.g., OWASP).
- Conduct regular security assessments and audits of applications to identify security gaps and recommend solutions.
- Work with developers and architects to ensure security is appropriately built in the development cycle. Coordinate the performance of internal and external network and systems vulnerability assessments and penetration tests.
- Collaboration and Communication:
- Collaborate with cross-functional teams including IT operations, development, architecture, and risk management to integrate security into the overall IT strategy.
- Communicate security risks and recommendations to senior leadership and stakeholders, advocating for necessary investments and resources.
- Incident Response and Continuous Improvement:
- Develop and maintain incident response plans and procedures related to vulnerabilities and application security incidents.
- Drive continuous improvement initiatives to enhance the effectiveness and efficiency of vulnerability management and application security processes.
Required Skills and Qualifications:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field; advanced degree preferred.
- Proven experience (8+ years) in vulnerability management, application security, or related cybersecurity roles, with at least 5 years in a leadership capacity.
- Deep technical expertise in vulnerability assessment tools, application security testing methodologies, and threat modeling.
- Strong understanding of regulatory requirements, compliance frameworks (e.g., PCI-DSS, GDPR), and industry standards (e.g., NIST, ISO 27001).
- Demonstrated ability to develop and execute strategic initiatives, manage budgets, and drive organizational change.
- Excellent communication skills, with the ability to articulate complex technical concepts to non-technical stakeholders and influence decision-making at all levels.
Preferred Qualifications:
- Industry certifications such as CISSP, CISM, CEH, or GIAC certifications (e.g., GPEN, GWAPT).
- Experience with cloud security architecture and technologies (e.g., AWS, Azure, GCP).
- Knowledge of DevSecOps principles and practices, including automation of security testing and monitoring.
#LI-MC1
MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
State and federal laws and regulations, including the Violent Crime Control and Law Enforcement Act, limit employment of individuals with certain criminal backgrounds.
EEO Statement(Opens in new window)MassMutual will accept applications on an ongoing basis until such time as a candidate has been offered employment.
Salary Range: $189,900.00-$249,200.00
Hiring Process
-
Explore
To get started, explore our open jobs by clicking 'search jobs' to find a position that aligns with your experience and skills. You may also consider joining our Talent Network to receive information on jobs that may interest you and stay up-to-date with the latest MassMutual news.
-
Apply
To apply for a specific position, please click the “apply” button on that job posting to complete and submit your application. Your application will be reviewed by a recruiter which, due to the volume of applications received, may take some time as we carefully consider each application.
-
Screen
After your application has been reviewed, if you meet the qualifications for the role, a recruiter will reach out to you to start a conversation.
-
Interview
If you are invited for an interview, you will be scheduled to meet with the hiring manager and hiring team. Coordinating calendars for interview schedules can take time, so your patience and flexibility is appreciated.
-
Offer
If you are extended an offer to join MassMutual and accept, your start will be contingent upon a satisfactory background check.
-
Hire
If you accept the offer, we will be so excited to welcome you to the MassMutual community!
Recruitment Fraud Awareness
Job recruiter fraud is a scam by impostors posing as recruiters or representatives of a company promoting fake job opportunities to job seekers.
MassMutual will never ask job candidates to pay any kind of fee, make cash or check advancements, cash checks or make an investment in any product or service or provide information such as credit card numbers or banking PIN numbers as part of our hiring process.
If you are contacted by anyone asking for information outlined above it is likely fraudulent. If you have any concerns about the veracity of a request, please contact us directly to verify its legitimacy.
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
Award-Winning Culture
MassMutual is guided by a single purpose: We help people secure their future and protect the ones they love. As a company operated for the benefit of our members and participating policyowners, we are defined by mutuality and our vision to provide financial well-being for all Americans. It’s more than our company structure—it’s our way of life. We are a company of people protecting people. Our company exists because people are willing to share risk and resources and rely on each other when it counts.
We strive to embrace diversity in every sense, focusing on building a thriving community where everyone is valued, included, and feels that they belong.
At MassMutual, we Live Mutual.
Benefits for the whole you (and your loved ones)
There’s more to your life than your job and there’s more to your aspirations than a paycheck. We take a holistic view of compensation and benefits that provides the flexibility to create a healthy balance in your life for work, family, and community. We offer the benefits you’d expect, like medical, dental, 401(k), and generous vacation time, but we also offer ones you might not expect, like three paid days for volunteering, a $1250 annual wellness wallet, and up to 320 hours of caregiver leave.
Explore some of our offerings below. Full benefits details can be found here.
- In addition to generous vacation time, paid holidays, and flexible holidays, MassMutual offers 'take care' time to take care of yourself or someone you love—whether for physical illness or mental health.
- Medical and dental insurance
- Life, disability short-term and long-term insurance
- Well-being wallet: $1,250 per year for a wide range of qualifying wellness expenses
- Well-being support: Mindfulness, nutrition, fitness
- Personalized mental health solutions
- Adoption and surrogacy reimbursement programs
- Competitive salary and bonuses
- 401(k): Up to 10% total benefit, consisting of a 5% company match and a 5% annual contribution
- Educational assistance program
- Childcare support
- Financial counseling
- Caregiver Leave (up to 320 hours)
- Maternity Leave (a total of 18 weeks, 10 maternity + 8 parental)
- Parental Leave (8 weeks for all parents, birth or adoption, continuous or intermittent)
- Bereavement Leave: Up to 15 days to mourn the loss of a loved one, and you define 'loved one'
- Matching Gift: 100% match on employees’ charitable contributions to non-profits up to $5,000
- Volunteering: Three paid days for employees to volunteer with eligible nonprofits of their choice
- Matching time: MassMutual Foundation awards dollars to organizations for which employees volunteer
- Qualified Commuter Program through which eligible employees can pay qualified workplace commuting expenses with before-tax dollars
- Commuter wallet option for employees based at Boston and NYC campuses
Why MassMutual?
Compliance Consultant
Service Management Consultant
Head of Experience Journey Mapping
How we work
MassMutual’s flexible workplace approach combines the importance of connecting in person and the flexibility of working remotely. Our hybrid model puts collaboration first with employees coming in at least three days per week to our spectacular campus settings and also enjoying the flexibility of remote Fridays, company-wide remote weeks, and a bank of flexible remote weeks to use throughout the year.
Where we work
Springfield Office
1295 State Street,
Springfield, MA
Boston Office
10 Fan Pier Blvd,
Boston, MA
New York Office
2 Park Ave,
New York, NY
Virtual
New Job Openings
-
Anaplan, Senior Model Builder Boston, Massachusetts
-
Head of Security Operations Center (SOC) Boston, Massachusetts
-
Accountant – Business Accounting Integration Team Boston, Massachusetts
-
Data Architect Springfield, Massachusetts
-
Head of Cyber Third Party and Risk Management Boston, Massachusetts
-
Technology Lead: Corporate Tech Engineering Boston, Massachusetts
Interested in pursuing a career as a financial professional? Learn how you can build your business and help people secure their future and protect the ones they love.