We’re working with a leading retail and healthcare organisation that is investing in a more mature, risk-led cyber security function.
They are looking for a Vulnerability & Exposure Lead to take ownership of vulnerability management and help move the organisation towards a modern Exposure Management and CTEM-led capability.
This is not a traditional scanning and reporting role. You’ll be responsible for improving how cyber risk is identified, prioritised, reported and reduced across a complex technology environment.
You’ll work closely with Cyber Operations, GRC, infrastructure, cloud and engineering teams to make sure remediation is driven by real-world risk, exploitability, business impact and attack path context, not just CVSS scores.
The role also offers strong growth potential. The client expects this person to help shape the capability and may hire 1–2 direct reports into the team over the next 6–12 months.
What you’ll be doing
- Own and improve the vulnerability management lifecycle
- Help mature the function towards Exposure Management and CTEM
- Prioritise remediation using exploitability, threat intelligence, asset criticality and business impact
- Improve scanning coverage across cloud, on-premise, and internet-facing assets
- Challenge false positives and improve vulnerability data quality
- Build dashboards, KPIs, and reporting for technical and senior stakeholders
- Partner with technical teams to drive meaningful exposure reduction
- Influence future tooling and process improvements
- Support incident response planning, risk assessments and remediation governance
- Promote better security hygiene across the organisation
What we’re looking for
- Strong experience in Vulnerability Management, Exposure Management or Threat & Vulnerability Management
- Good understanding of CTEM principles
- Experience moving beyond CVSS-led prioritisation into risk-based remediation
- Exposure to tooling such as Qualys, Tenable, Rapid7, Cortex XDR, Defender, Wiz, ServiceNow VR, or similar
- Ability to work with engineering, infrastructure, cloud, SOC, and GRC teams
- Experience creating dashboards, KPIs, reporting packs or remediation governance
- Confidence in influencing stakeholders and translating technical risk into business impact
- Experience leading processes, mentoring others or stepping into a leadership role
- CISSP, CISM, or similar certifications would be beneficial, but equivalent experience is equally valued
Why apply?
- Shape a growing Exposure Management function
- Influence tooling and strategy
- Join a cyber function investing in modern risk-led security
- £70,000 salary plus £5,000 car allowance
If you’re a Vulnerability Management professional ready to move into a more strategic Exposure Management role, this is a strong opportunity to take ownership and make a visible impact.
Click apply or reach out to matthew.lannen@infosecpeople.co.uk for more information.
Vulnerability & Exposure Lead employer: InfoSec People Ltd
Join a leading financial services organisation that prioritises innovation and employee growth, offering a dynamic work culture where your contributions directly impact the deployment of cutting-edge GenAI solutions. With a strong commitment to professional development and collaboration, you'll have the opportunity to work alongside industry experts while enjoying a supportive environment that values your insights and fosters creativity. Located in a vibrant area, this role not only provides meaningful work but also access to a wealth of resources and networking opportunities within the tech community.