Vulnerability Governance Lead in London

Location: London 2-3 days a week onsite

Basic salary: £70K

One of our clients is looking for a Vulnerability Governance Lead to redefine how cyber risk is managed and mitigated across this evolving organisation. This is not a traditional patching or operational security role - it's a strategic position focused on governance, visibility, and accountability.

The successful applicant will establish a modern, risk-led vulnerability management capability, giving the business a clear, unified view of exposure across infrastructure, cloud, and applications. The Vulnerability Governance Lead will drive prioritisation, empower engineering teams, and ensure measurable reduction in risk.

The ideal applicant will have a blended responsibility covering technical insight, risk judgement, and stakeholder influence.

What you'll do:

• Drive exposure visibility and risk clarity
• Build and maintain a single, coherent view of vulnerability risk across environments using tools like Tenable, Wiz, and Snyk
• Correlate findings and prioritise based on real business risk - not just CVSS (asset criticality, exposure, data sensitivity)
• Define and evolve a risk-based severity model aligned to organisational priorities
• Establish ownership and accountability
• Implement a clear 'you own it, you fix it' model across engineering, infrastructure, and product teams
• Ensure all assets have accountable owners and enforce risk-aligned remediation SLAs
• Provide central oversight while enabling teams to act
• Build and embed governance
• Develop and maintain policies, standards, and procedures aligned to ISO 27001, NIST, and CIS
• Design and run a robust exception and risk acceptance process with clear approvals and tracking
• Ensure consistent governance across hybrid environments (cloud and on-prem)
• Create meaningful reporting & executive insight
• Deliver clear, actionable reporting for both technical teams (operational prioritisation) and senior stakeholders (strategic risk visibility)
• Track key metrics including SLA adherence, vulnerability ageing, exposure trends, and coverage
• Provide regular updates to senior leadership and risk committees
• Lead tooling and data integration
• Own the coordination of vulnerability tooling to ensure comprehensive coverage and high-quality, deduplicated data
• Integrate outputs into workflow systems (e.g. ServiceNow) for tracking and accountability
• Drive automation and data improvement - focusing on insight, not remediation
• Enable and influence engineering teams
• Work closely with engineering, DevOps, and platform teams to improve prioritisation and reduce noise
• Provide clear, practical remediation guidance
• Embed vulnerability management into development and operational workflows
• Champion a culture of 'you build it, you run it, you secure it'
• Continuously improve the programme
• Stay ahead of emerging threats and evolve the approach accordingly
• Identify gaps and drive enhancements across tooling, coverage, and process
• Ensure findings from penetration testing are governed and resolved

Your Background:

The ideal candidate will boast:

• Proven experience in vulnerability or exposure management within complex, hybrid environments
• Strong hands-on understanding of vulnerability management tools such as Tenable, Wiz, and/or Snyk
• Experience designing or operating risk-based vulnerability governance frameworks, including SLAs and exceptions
• Solid knowledge of ISO 27001, NIST, and CIS frameworks
• Ability to influence without authority, driving remediation through engineering and platform teams
• Strong analytical skills, with the ability to translate technical findings into business risk language
• Confident communicator, comfortable engaging senior stakeholders and executives
• Experience producing clear, concise, and compelling reporting

If this seems like the role for you please click the apply button now. We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs.