Description
Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Director Vulnerability Management OverviewThis is an exciting opportunity to be part of the function overseeing Security for Vocalink Limited, a company that enables the payments of 90% of salaries, 70% of utility bills, most ATM transactions and every cheque cleared in the UK.
The successful candidate will become part of a high functioning team, dedicated to delivering a robust, secure and resilient service to 60+million citizens every day with transactional volume of 11 billion/year and total annual transactional value in excess of GBP6 Trillion.
As the Head of Vulnerability Management at Vocalink Limited, you will be a key leader responsible for driving and enhancing the end-to-end vulnerability management strategy within our dynamic payments organization. Operating at the Director level, you will oversee four critical pillars—Penetration Testing, Asset and Network Scanning, Vulnerability Remediation Enablement, and Secure Code Assurance. Your leadership will play a pivotal role in fortifying our cybersecurity posture, ensuring the protection of sensitive financial data, and maintaining the trust of our clients and stakeholders.
Role
In this role, you will:
• Develop and implement a strategic roadmap for effective vulnerability detection and remediation, working closely with operations and development teams.
• Ensure timely and accurate identification of vulnerabilities across the organization's IT assets and services.
• Establish, grow and lead a penetration testing, vulnerability remediation enablement and code assurance team
• Be accountable for thorough assessments of our systems, networks, and applications.
• Provide actionable recommendations based on assessment findings to strengthen our security defenses.
• Oversee the implementation and execution of comprehensive asset and network scanning programs utilizing industry-leading tools such as Qualys and/or Nessus Tenable.
• Ensure proactive collaboration with key stakeholders to prioritize and remediate identified vulnerabilities based on risk assessment and business impact.
• Establish processes and workflows to streamline the remediation lifecycle, reducing time-to-patch critical vulnerabilities.
• Collaborate with relevant stakeholders to enhance the organization's overall incident response capabilities in the context of vulnerability management.
• Lead collaboration with software development teams to implement secure coding practices and drive a focus on integrating security into the development lifecycle.
• Establish and enforce secure coding standards, providing guidance on best practices and industry benchmarks.
• Collaborate with cross-functional teams to identify vulnerabilities, and assess the effectiveness of existing security controls.
• Create actionable metrics and write reports to track progress
• Lead assignment to successful completion
• Define process improvements for vulnerability management processes for gained efficiencies
All About You
• Proven experience in a leadership role within vulnerability management in a payments or financial services environment.
• Track record of building vulnerability management programs to keep up with the ever changing technology and security landscape in a complex organization
• Experience initiating and managing improvement in areas of security by leveraging process metrics
• In-depth knowledge of penetration testing methodologies, vulnerability scanning tools process and tools, and secure coding practices.
• Strong understanding of the payments industry regulatory landscape and compliance requirements.
• An understanding of risk management
• Relevant experience of working in a complex (preferably multi-national) stakeholder environment that includes complex customers and regulators.
• Ability to articulate themselves clearly and concisely to a broad range of senior and junior stakeholders, acting as a bridge as well as guide for the implementation of new capabilities.
• Excellent communication and leadership skills with the ability to collaborate effectively across departments.
• Experience of presenting and communicating at board level
• Embodies and demonstrates all of the brand values required by Vocalink and Mastercard
• Ability to motivate, inspire and lead people effectively
• Line manager and a team player – leads by example
• Strategic thinker – able to develop and communicate direction
• Commercially aware
• Has a bias to action
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard's security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Apply on company website
Find Connections via Linkedin
