N

Infrastructure Vulnerability Management Governance Lead

Northern Trust · Pune, Maharashtra, India

~₹40L (est.)8–15 yrs experiencefull_timePosted 5 days ago
Apply now →

Job description

**Job Description - Infrastructure Vulnerability Management Governance and Oversight Support Lead Location Pune** The Infrastructure Vulnerability Management Governance and Oversight Support Lead is a key position within the Global Infrastructure Risk and Control team. The role focuses on providing governance, risk oversight, and remediation support across Infrastructure Vulnerability Management domains. This position partners closely with Vulnerability Operations, Infrastructure Platform teams, Application teams, Technology owners, and Risk partners to ensure effective vulnerability remediation governance, control effectiveness, timely closure of identified risks, and strong audit and regulatory readiness. The role provides risk-minded guidance, supports escalation management, and enables consistent, executive-ready reporting of the organizations vulnerability risk posture. Major Duties - Support the Principal in managing Vulnerability Management governance activities across regions, including oversight of remediation plans, risk exceptions, SLA breaches, escalations, and closure tracking. - Support the Principal in strengthening Vulnerability Management processes and improving control sustainability across Infrastructure and Platform teams. - Drive weekly and monthly vulnerability risk and remediation reporting, including current state, aging, due and overdue vulnerabilities, SLA adherence, exception status, and executive escalations. - Support Infrastructure and Application owners in identifying vulnerability-related risks and assessing the design and operating effectiveness of vulnerability management controls. - Lead governance activities related to Infrastructure Vulnerabilities (VITs), Container Vulnerabilities (CVITs), Application Security findings, Secure Configuration findings (CTRs), deferrals, and false-positive validations. - Monitor and challenge remediation progress to ensure accountability and timely closure of high-risk and aging vulnerabilities. - Establish and maintain strong working relationships with Vulnerability Operations, Infrastructure teams, Technology owners, Risk Management, and Cyber Security stakeholders globally. - Facilitate governance forums and oversight meetings, ensuring actions, risks, decisions, and commitments are accurately documented, tracked, and reported. - Coordinate with Global and Regional stakeholders to plan and execute vulnerability oversight coverage aligned with audit requirements, regulatory expectations, and emerging risk priorities. - Analyze vulnerability trends, recurring remediation delays, and systemic risk themes to identify opportunities for control improvement and process enhancement. - Support audit and assessment activities by ensuring audit-ready documentation, evidence, metrics, and response coordination related to Vulnerability Management governance. - Provide executive-level visibility on remediation performance, risk concentrations, and emerging cyber risk themes through dashboards, scorecards, and leadership reporting. **Must Have** - Strong experience in Vulnerability Management governance, risk, and control oversight, with 8+ years in Information Security, Technology Risk, Cyber Risk, or related roles. - 4+ years of experience in Financial Services. - In-depth understanding of Vulnerability Management processes, remediation lifecycle management, vulnerability prioritization methodologies, risk exceptions, and regulatory expectations in large enterprise environments. - Strong understanding of vulnerability severity models, including CVSS-based prioritization and risk-based remediation frameworks. - Proven ability to manage remediation accountability, escalations, governance forums, and closure tracking across multiple technology teams. - Highly motivated, self-starter who handles ambiguity well and drives execution end-to-end. - Strong critical thinking, analytical, leadership, stakeholder management, and organizational skills. - Proven ability to build relationships, influence stakeholders, and drive risk-based decisions across functions. - Ability to challenge and influence stakeholders with differing viewpoints while driving consensus and measurable outcomes. - Strong verbal and written communication skills with the ability to present executive-ready risk reports and governance updates. **Good to Have** - Certifications in Information Security, Cyber Risk, Vulnerability Management, Risk, or Audit (e.g., CISSP, CISM, CRISC, CISA, CIA). - Hands-on exposure to vulnerability management platforms and security tooling such as Tenable, Qualys, Rapid7, ServiceNow Vulnerability Response, Wiz, Prisma Cloud, or similar technologies. - Understanding of Infrastructure patch management, secure configuration management, cloud security, and application security practices. - Experience with Power BI or similar reporting and visualization tools. - Experience with ServiceNow, governance tracking, metrics reporting, or dashboarding solutions. - Prior experience supporting technology audits, regulatory reviews, or cybersecurity assessments in Financial Services. - Experience in vulnerability risk analytics, trend analysis, and executive-level cyber risk reporting. **Qualification** - 8+ years of experience in Vulnerability Management, Cyber Security, Technology Risk, Infrastructure Risk, or Security Governance roles. - 4+ years of experience in Financial Services. - Bachelors degree in Information Technology, Cyber Security, Computer Science, Risk Management, or related field. - Certifications in Cyber Security, Risk, Audit, or Vulnerability Management are preferred. - Experience working with global stakeholders and large-scale enterprise Infrastructure environments is preferred. - Experience supporting vulnerability governance programs, remediation oversight, and audit readiness activities is highly desirable.