Director, Vulnerability Management (Manchester)

Fitch Group is currently seeking a Director of Vulnerability Risk based out of our Manchester office. We are seeking a Director to lead our Vulnerability Management (VM) team. This role is ideal for an experienced security leader with a risk mindset who can oversee all aspects of vulnerability management, including identification, risk prioritisation, and remediation of vulnerabilities discovered. The ideal candidate for this role will bring innovative ideas on how to consistently apply risk prioritisation through automation, leveraging AI where appropriate.

Application of a risk mindset with consideration for the company’s set of standing security controls.

• Ideas on opportunities to strengthen protection of our critical assets.
• Strong collaboration across the vulnerability management teams and stakeholders.
• Delivering real-time metrics reports.
• Remediation tracking aligned with organisational risk priorities.

This is a new role to oversee a recently established unified vulnerability management programme, covering infrastructure and cloud scanning, application security testing, and penetration testing.

How You’ll Make An Impact

• Define and execute the strategic roadmap for the Unified Vulnerability Management programme, including resource planning, performance tracking, and establishing and reporting on metrics.
• Lead the end-to-end vulnerability management lifecycle using a consistent, risk-based assessment methodology that evaluates likelihood, impact, control environment and Fitch specific business context, ensuring timely remediation and compliance with internal policies.
• Govern the intake, normalisation, and triage of findings originating from tools and assessments to ensure alignment with a unified lifecycle management process.
• Manage vulnerabilities identified from scanning tools covering open source, custom source code, dynamic application scanning, static application scanning, infrastructure scanning, and cloud security posture management solutions (SCA, SAST, DAST, infrastructure, CSPM).
• Provide risk informed visibility to stakeholders through clear dashboards and other reporting mechanisms which indicate remediation expectations.
• Ensure proper reporting of vulnerabilities to stakeholders and drive remediation efforts from an Information Security perspective.
• Develop strong partnerships with engineering, application development, and infrastructure teams to align remediation workflows and streamline ticketing processes for opening and closing vulnerabilities.
• Maintain and track team workload, ensuring transparency and accountability.
• Collaborate with subject matter experts across InfoSec and Technology to contextualise findings, validate assessments, resolve ambiguity and accelerate closure without compromising risk posture.
• Own and operationalise Fitch’s cyber risk taxonomy, threat intelligence, compensating control analysis, and architectural context to ensure findings are prioritised appropriately.
• Perform contextual analyses for vulnerability risk prioritisation based on business criticality, cloud architecture details, system and application architecture, and data confidentiality.
• Produce and maintain dashboards, metrics and trend analyses to facilitate consumption of risk information and enable responses to requests for executive reporting and audit requests.
• Deliver VM team projects on time and on budget, ensuring alignment with department goals, organisational goals and regulatory requirements.

You May Be a Good Fit If

The ideal candidate will have 7-10 years of progressive leadership experience in Information Security, with at least 2 years in a dedicated Vulnerability Management role. They should demonstrate strong leadership skills, experience managing vulnerabilities across SAST, DAST, SCA, infrastructure, and CSPM solutions, and excellent communication and collaboration abilities for engaging technical teams and senior stakeholders.

What Would Make You Stand Out

• 7+ years of progressive security experience, with at least 3+ years assessing and managing vulnerability risks for multi-cloud enterprise systems.
• Experience applying industry frameworks and compliance standards (NIST, DORA) to apply risk classifications during the vulnerability lifecycle management process.
• Experience producing contextual analysis for vulnerability risk prioritisation based on system criticality, cloud architecture details, system and application architecture, and data confidentiality.
• Experience coordinating management of multiple vulnerability scanning tools and managing vulnerabilities identified from scanning tools covering open source, custom code, dynamic application scanning, static application scanning, infrastructure scanning, and cloud security posture management solutions (SCA, SAST, DAST, infrastructure, CSPM).
• Experience managing remediation lifecycles through enterprise ticketing systems for vulnerability tracking and workflow automation.
• Proven ability to create executive-level dashboards and reports for vulnerability metrics.
• Excellent communication and collaboration skills for engaging technical teams and senior stakeholders.

Leadership and Team Management

• Leadership and team management skills, including resource planning, OKR setting, and performance reviews.
• Strong problem-solving skills and ability to make risk-based decisions while managing multiple projects simultaneously.
• Experience leveraging or guiding the work to use AI-powered security tools or platforms to improve vulnerability detection and remediation workflows.

Why Choose Fitch

• Hybrid Work Environment: 2 to 3 days a week in office required based on your line of business and location.
• A Culture of Learning & Mobility: Dedicated training, leadership development and mentorship programmes designed to ensure your time at Fitch will be a continuous learning opportunity.
• Investing in Your Future: Retirement planning, financial wellness and tuition reimbursement programmes that empower you to achieve your short and long-term goals.
• Promoting Health & Wellness: Comprehensive healthcare offerings that prioritise a healthy body & mind.
• Supportive Parenting Policies: Family-first policies, including a generous global parental leave plan, designed to help you balance career and family life effectively.
• Dedication to Giving Back: Paid volunteer days and support for community engagement initiatives.

Fitch is committed to providing global securities markets with objective, timely, independent and forward-looking credit opinions. To protect Fitch’s credibility and reputation, our employees must take every precaution to avoid conflicts of interest or any appearance of a conflict of interest. If you, or your immediate family, have any holdings that may conflict with your work responsibilities, you may be asked to divest yourself of them before beginning work. Fitch is proud to be an Equal Opportunity and affirmative Action Employer. We evaluate qualified applicants without regard to race, colour, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law.