Vulnerability Manager | S3 | Chief Information & Resilience Office | Multiple Locations in Milton Keynes

Overview

This role will support the delivery of a data‑driven vulnerability management capability, enabling effective identification, assessment, and remediation of risks across services, systems, and third‑party environments. It is a technically focused role with strong emphasis on data analysis, vulnerability tracking, and dependency understanding, ensuring that vulnerabilities are accurately captured, prioritised, and remediated in line with operational resilience objectives. You will work across technology, cyber, and business teams to translate complex system and data insights into actionable risk outcomes, supporting the organisation in maintaining a proactive risk posture.

Responsibilities

• Maintain a centralised vulnerability data set (single source of truth), ensuring clear linkage to source systems, impacted services (IBS), and remediation status.
• Support vulnerability identification, assessment, and prioritisation using data‑driven approaches and risk frameworks.
• Perform resilience assessments with stakeholders, identify weaknesses and drive proactive remediation actions.
• Analyse service architecture, technology dependencies, and data flows to understand vulnerability impact and systemic risk exposure.
• Provide SME challenge across cyber, data, and third‑party environments to ensure effective vulnerability management practices.
• Support risk reporting, trend analysis and MI production for governance forums and decision‑making.
• Contribute to risk and control assessments (RCSA) and ensure alignment with regulatory and internal frameworks.
• Collaborate with stakeholders to ensure timely remediation and effective risk mitigation across the Directorate.

Qualifications

Experience and Knowledge

• Experience in operational risk, vulnerability management or cyber/technology risk environments (Required).
• Experience working with risk frameworks, controls and governance processes (Required).
• Experience analysing data from multiple sources to identify risk trends and insights (Required).
• Experience supporting regulatory, audit or compliance activities (Preferred).
• Knowledge of operational risk frameworks and regulatory expectations (Required).
• Familiarity with control frameworks such as COSO or SOX and risk assessment methodologies (Preferred).
• Undergraduate degree in Risk, Technology, Cybersecurity, Data or related field, or equivalent experience (Preferred).

Languages

• English (Required).

Hard Skills

• Understanding of vulnerability management processes, tools and frameworks (Required).
• Knowledge of technology architecture, system dependencies and data flows (Required).
• Strong analytical capability for interpreting risk and vulnerability data (Required).
• Experience with risk reporting, MI and trend analysis (Required).

Soft Skills

• Strong analytical thinking and problem‑solving capability (Required).
• Ability to translate technical findings into business‑relevant risk insights (Required).
• Strong stakeholder engagement and collaboration skills (Required).
• Ability to challenge constructively and influence outcomes (Required).
• High attention to detail and commitment to data accuracy and quality (Required).

Compensation and Benefits

• Salary Range: £55,167.00 – £82,751.00 per annum (depending on experience).
• 30 days holiday plus bank holidays (31 days after 5 years of service), with the option to purchase up to 5 contractual days per year.
• £6,000 car allowance per year.
• Company‑funded individual private medical insurance.
• Protection for you and your family with company‑funded death‑in‑service benefit and income protection insurance.
• Discounted rates for additional life assurance and critical illness cover.
• Share plans offering participation in Santander’s success.
• Access to staff‑only products such as Edge Current Accounts and Credit Cards, and other Santander product discounts.

At Santander, we are proud to be an inclusive organisation that provides equal opportunities for everyone, regardless of age, gender, disability, civil status, race, religion or sexual orientation.