Full-Time Attack Surface Management Manager

Experian Cyber Fusion Centre is looking for an Attack Surface Management (ASM) Manager to play a crucial role in our cybersecurity strategy.

Primary Focus:

• Lead CTEM Service Delivery: Manage processes for the Continuous Threat Exposure Management (CTEM) service and its provider. Ensure integration with Experian systems, delivering reliable and applicable security insights that inform risk reduction across the enterprise.
• Business Engagement: Manage the Business Engagement Team and Service, providing expertise and strategic direction. Cultivate partnerships with regional infrastructure and application teams to ensure the vulnerability management strategy is understood, agreed upon, and implemented.

Other Responsibilities:

• Maintain risk stratification model to guide vulnerability prioritization based on threat and asset criticality.
• Identify vulnerability prioritization and asset coverage trends, escalating to senior leadership when vulnerability trends are not improving over time.
• Help with response to cybersecurity incidents or threat informed actions, ensuring accurate identification of applicable internal and external risks.
• Guide team members' daily project and operational activities.
• Contribute to security and technology strategic planning to mature our programs.
• Work with Risk & Compliance teams on SOC 2, PCI DSS, HIPAA, and other audits.
• Research and recommend policy and procedures as they relate to Attack Surface Management.

Expert experience supporting Attack Surface Management in vulnerability, remediation, and mitigation as it applies to:

• Common web applications, APIs, misconfigurations, hosts, mobile, Internet of Things, endpoints, infrastructure, cloud, network appliance, OS, firmware, and software supply-chain.

Requirements:

• Management experience in an enterprise-level cybersecurity function.
• Experience engaging and presenting security topics at senior levels in an enterprise organization.
• Experience managing Risk-Based Vulnerability Management models.
• In-depth knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as: Qualys, Rapid7, Tanium, Axonius, Armis, or other.
• Experience applying models like CMMI, ISO/IEC 2700, OWASP SAMM, NIST, SMM SANS Security Maturity Model.
• Experience developing security reports, trends, and metrics analysis.
• Experience with frameworks like SANS, NIST 800-61, CVSS, CIS, OSSTM, ISO 27001, MITRE ATT&CK, PCI, HIPAA, GDPR or similar.
• Experience with cloud security practices.
• Experience with business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping.

What is the last date for applying to the job?

Which countries are accepted for this remote job?