6 days ago

IT Governance, Risk, and Vulnerability Management Lead

Jobs via Dice

Hybrid
Full Time
$150,000
Hybrid

Job Overview

Job TitleIT Governance, Risk, and Vulnerability Management Lead
Job TypeFull Time
CategoryCommerce
Experience5 Years
DegreeMaster
Offered Salary$150,000
LocationHybrid

Who's the hiring manager?

Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.

Uncover Hiring Manager

Job Description

Overview

We are seeking an experienced IT Governance, Risk, and Vulnerability Management Lead to drive governance, controls assurance, vulnerability management, and compliance across the organization. This role plays a critical part in ensuring IT controls align with regulatory and industry frameworks, vulnerabilities are effectively governed through closure, and leadership has clear visibility through metrics, dashboards, and reporting.

This position partners closely with IT Risk Management, Cybersecurity, Audit, Infrastructure, and Application teams to reduce operational risk while enabling business objectives.

Key Responsibilities

Governance and Controls Assurance
  • Lead the development, implementation, and ongoing maintenance of IT controls aligned with industry and regulatory frameworks (NIST, NERC, ISO, SOX).
  • Map regulatory, audit, and business requirements to control objectives and ensure sustained compliance.
  • Prepare management responses to audit findings, develop remediation plans, and track closure of issues.
  • Collaborate with IT Risk Management, Cybersecurity, and Audit teams to ensure controls support organizational and regulatory objectives.
  • Design and build governance processes for IT vulnerability management, risk management, and compliance.
  • Apply domain expertise to partner with IT teams to identify, define, and analyze SLA requirements and processes.
  • Monitor vulnerability lifecycle progress and ensure timely remediation and closure.
  • Identify process gaps and recommend improvements to enhance efficiency and reduce operational risk.
Reporting and Metrics Management
  • Define, track, and manage key performance indicators (KPIs) across IT business areas, including: IT Service Management, Vulnerability Management, Application Management, Infrastructure Management.
  • Produce executive-level reports and dashboards on vulnerability management status, SLA adherence, and IT operational performance.
  • Ensure data quality and consistency through company-approved methodologies and standards.
Vulnerability Management and Compliance
  • Serve as the primary point of contact for vulnerability remediation, escalations, and related inquiries.
  • Govern and enforce the IT Vulnerability Management process, from identification through remediation and closure.
  • Analyze vulnerability status, track SLA adherence, and develop action plans, schedules, and escalation paths to meet or exceed SLA targets.
  • Collaborate with cross-functional teams to assess risk associated with open vulnerabilities and implement mitigation strategies.
  • Manage the full vulnerability lifecycle, including risk acceptance for residual vulnerabilities.
  • Coordinate schedules, milestones, and resources across IT teams and vendors (e.g., infrastructure, database, telecommunications, operations, and technical support).
  • Proactively escalate unresolved vulnerabilities and eliminate remediation backlogs.

Qualifications

  • Demonstrated experience in IT project management methodologies, requirements management, quality assurance, and IT operational processes.
  • Broad understanding of business applications, system architectures, and technology alternatives.
  • Deep familiarity with governance and assurance frameworks, including: NIST CSF and NIST 800-53, COBIT, NERC CIP, SOX.
  • Strong knowledge of IT general controls (ITGCs), application controls, cybersecurity principles, and disaster recovery/business continuity.
  • Proven expertise in vulnerability management processes, risk assessment methodologies, and SLA/KPI definition and reporting.
  • Hands-on experience using analytical and reporting tools to automate performance metrics and dashboards.
  • Prior experience in IT governance, risk, and/or compliance (GRC) roles.
  • Strong analytical skills with the ability to translate insights into clear, actionable recommendations for technical and executive stakeholders.

Key skills/competency

  • IT Governance
  • Risk Management
  • Vulnerability Management
  • Compliance
  • Controls Assurance
  • NIST Frameworks
  • SOX Compliance
  • GRC
  • Cybersecurity Principles
  • Reporting & Metrics

Tags:

IT Governance, Risk, Vulnerability Management Lead
governance
risk management
vulnerability management
compliance
controls assurance
reporting
audit
SLA
KPI
remediation
NIST
NERC
ISO
SOX
COBIT
ITGC
cybersecurity
GRC
analytical tools
dashboards

Share Job:

How to Get Hired at Jobs via Dice

  • Research Maureen Data Systems Inc's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume: Customize your resume to highlight experience in IT governance, risk, and vulnerability management, using keywords from the job description.
  • Showcase compliance expertise: Emphasize your deep familiarity with frameworks like NIST, NERC, ISO, and SOX, and your ability to manage audit findings.
  • Prepare for technical and behavioral questions: Be ready to discuss your experience with GRC processes, vulnerability lifecycle management, and cross-functional collaboration.
  • Highlight analytical and reporting skills: Prepare examples of how you've used analytical tools to automate metrics and produce executive-level dashboards.

Frequently Asked Questions

Find answers to common questions about this job opportunity

Explore similar opportunities that match your background