The objective of the Vulnerability Management Program is to ensure the integrity of Xerox IT systems, proactively evaluating them for weaknesses in software security.

• Lead various activities in vulnerability management program including planning,execution, reporting of infrastructure vulnerabilities
• Maintain scanning solution infrastructure and strategic roadmap. As business needs evolve, lead the strategic planning and ideation of security tools that aid in the objectives to manage IT security risk to systems and software.
• Configure, schedule, and perform automated vulnerability/compliance scanning on both Xerox external and internal infrastructure.
• Troubleshoot and repair vulnerability scanning issues across a complex landscape.
• Own and manage entire vulnerability lifecycle from discovery to remediation.
• Create vulnerability reports and communicate to the asset owners.
• Prioritize and guide remediation efforts and track vulnerabilities to closure.
• Alert infrastructure owners on critical vulnerabilities and escalate for urgent remediation
• Maintain environment documentation through the tools’ lifecycle as well as operational procedures with service suppliers.

• Technical cyber security certification CISSP, SANS, GSEC, CISA, etc.
• Min 12 years of experience of in enterprise vulnerability scanning tools such as Tenable or Qualys.
• Good technical understanding of infrastructure vulnerabilities.
• Min 5+ years’ experience leading vulnerability management program for large enterprises
• Experience in managing risk in a shared services/data center/cloud environment with proven results in reduction/management of risk.
• Ability to interact with and influence project/program/IT teams in balancing security needs with business needs
• Effectively, and persuasively communicates security risks in business terms.
• Takes initiative to remain up to date with information security skills and fosters and attitude of continual learning / adapting
• Strong analytical skills with an emphasis on fact based reporting/summaries using technologies
• Good time management and attention to detail
• Maintains knowledge of the technical specialism at a detailed level and is responsible for own personal growth and technical proficiency.