Vulnerability Management Manager

The University of Southern California (USC) department of Information Technology Services (ITS) is seeking a Vulnerability Management Manager with an exceptional commitment to service excellence to join its team.  

As the Vulnerability Management Manager, you will be an integral member of the Information Technology Services (ITS) unit, collaborating with diverse and talented team members to help solve multidimensional information technology problems, improve customer experience, and generate value for our campus stakeholders across a broad base of departments and constituencies.

THE WORK YOU WILL DO

The Vulnerability Management Manager drives vulnerability management strategies and goals through coaching, mentoring and career guidance. Develops and maintains strong partnerships with university stakeholders, ensuring endto-end vulnerability remediation. Directs vulnerability assessments and penetration tests, assists with strategic planning, supports compliance and risk management activities, and pushes for improvements to mitigate risk.

The Vulnerability Management Manager

• Ensures continuous vulnerability lifecycle management within the university, detecting, monitoring, reporting, and assessing impact on vulnerability-related data from internal/external sources. Develops and drives remediation strategies to address vulnerabilities and reduce attack surface. Assists with strategic planning, driving improvements and providing input on capabilities and methods for vulnerability management and security testing. Supports compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks.

• Develops and maintains strong partnerships to drive end-to-end vulnerability remediation, ensure consistent customer experience, broaden awareness and use of services, and educate users on security best practices integrated in key areas. Partners with IT teams to assess potential negative impacts of remediation and apply compensating/mitigating controls. Provides communications across the organization, interfacing with senior leadership, driving security hardening best practices, and representing the vulnerability management team with customers and partners.

• Drives requirements definition, evaluation, recommendation, implementation, and troubleshooting of vulnerability management tools. Develops security testing capabilities and directs ongoing vulnerability assessments and penetration tests. Assesses current and emerging threats, cyberattacks, and zero-day vulnerabilities that pose risks to the university. Notifies partners on threats and vulnerabilities to reduce the attack surface.

• Leads and supports vulnerability management team, establishing team and individual goals that support overall objectives. Coaches, mentors, and provides career development guidance. Establishes daily operations, regular communications, and resource planning, providing guidance, relaying expectations and leading team initiatives and activities. Recruits, screens, hires, trains and directly supervises all assigned subordinate staff. Evaluates employee performance. Counsels, disciplines and/or terminates employees, as required.

• Maintains awareness and knowledge of current changes within legal, regulatory, and technological environments which may affect operations. Ensures senior management and staff are informed of any changes in a timely manner. Establishes and maintains network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.

• Promotes an environment that fosters inclusive relationships and creates unbiased opportunities for contributions through ideas, words, and actions that uphold principles of the USC Code of Ethics. Recommends departmental goals and objectives (e.g., workforce planning, compensation). Reassesses or redefines priorities as appropriate in order to achieve performance objectives

• Performs other related duties as assigned or requested. The university reserves the right to add or change duties at any time.

PREFERRED QUALIFICATIONS

The ideal candidate for the position of Vulnerability Management Manager has the following qualifications:

• Master’s degree in related field

• 10 years of directly related experience as a Vulnerability Management Manager or similar role

• Experienced in presenting to large groups with confidence and polished presentation skills.

• Working toward or has CISSP, CISSP-ISSMP, CISM, and/or CRISC certifications.

• Experience in penetration testing.

MINIMUM QUALIFICATIONS

Candidates for the position of Vulnerability Management Manager must meet the following qualifications:

• Bachelor’s degree or combined experience/education as a substitute for minimum education

• 7 years of directly related experience

• Extensive experience in information security management and knowledge of internet security and networking protocols.

• Two years’ experience leading a vulnerability management program, with the ability to prioritize projects and deliverables. Demonstrated understanding of vulnerability management and security testing practices and methodologies.

• Thorough knowledge of cloud computing and security issues related to cloud environments. Ability to evaluate business risks and recommend appropriate information security measures. Proven understanding of common vulnerability frameworks (e.g., CVSS, OWASP Top 10).

• Ability to quickly adapt as the external environment and organization evolves. Experience in configuration management of Nexpose and AppScan.

• Understanding of system, application, and database-hardening techniques and practices. Ability to interact effectively at all levels of an organization and across diverse cultural and linguistic barriers. Project management experience.

• Excellent written and oral communication skills.

THE ITS TEAM

The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential.  We are looking for top talent to join us on our journey.

ITS CULTURE

USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services that are core to the mission of the university. We are also committed to creating and maintaining meaningful partnerships across the university. At ITS, we act with integrity in the pursuit of excellence; embrace diversity, equity and inclusion; promote well-being; engage in open two-way communication and are accountable for living our values. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.

ABOUT USC

USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance. USC values diversity and is committed to equal opportunity in employment.

Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence. Apply today!

Minimum Education: Bachelor's degree. Combined experience/education as substitute for minimum education. Minimum Experience: 7 years Preferred Education: Minimum Field of Expertise: Extensive experience in information security management and knowledge of internet security and networking protocols. Two years’ experience leading a vulnerability management program, with the ability to prioritize projects and deliverables. Demonstrated understanding of vulnerability management and security testing practices and methodologies. Thorough knowledge of cloud computing and security issues related to cloud environments. Ability to evaluate business risks and recommend appropriate information security measures. Proven understanding of common vulnerability frameworks (e.g., CVSS, OWASP Top 10). Ability to quickly adapt as the external environment and organization evolves. Experience in configuration management of Nexpose and AppScan. Understanding of system, application, and database-hardening techniques and practices. Ability to interact effectively at all levels of an organization and across diverse cultural and linguistic barriers. Project management experience. Excellent written and oral communication skills.