Vulnerability Management Lead

Our client, a prominent hedge fund, is seeking a Vulnerability Management Lead to join their London team. This role will take full ownership of the firm's vulnerability management program, focusing on identifying, assessing, and mitigating security risks across systems, networks, and applications. Combining technical expertise with operational oversight, the position requires close collaboration with internal stakeholders to ensure vulnerabilities are addressed promptly and effectively.

As the Vulnerability Management Lead, you will oversee both the technical aspects of vulnerability detection and prioritization, as well as the operational side, including stakeholder communication, cross-functional coordination, compliance, and reporting. You will assess vulnerabilities based on exploitability, manage patching schedules, and ensure robust pre- and post-patch validation. This position reports directly to the Head of Security.

Key Responsibilities

• Lead vulnerability scanning, analysis, prioritization, and remediation, ensuring alignment with security policies and compliance requirements.
• Collaborate with IT, cloud, engineering, business, and security teams to coordinate patching and remediation with minimal business disruption.
• Draft and distribute clear communication regarding upcoming patching activities.
• Oversee patch testing and validation, ensuring patches are properly tested pre-deployment and verified post-deployment using appropriate tools.
• Maintain oversight of the end-to-end vulnerability management process, ensuring timely resolution and ongoing improvements.

Required Skills & Experience

• 5+ years of experience in vulnerability management or a similar security role, including 2+ years in a leadership position.
• Strong technical knowledge and hands-on experience with vulnerability scanning and assessment tools.
• Familiarity with on-premise, cloud (AWS, Azure), and hybrid environments.
• Ability to communicate effectively with both technical and non-technical stakeholders.
• Proven experience in coordinating patch management across a large organization and multiple time zones while minimizing business disruption.
• Ability to assess vulnerabilities based on risk and exploitability, providing strategic guidance on patching priorities.
• Strong organizational and coordination skills to manage patching schedules, stakeholder engagement, and compliance requirements.