Remote Cyber Vulnerability Program Manager

Job DescriptionInsight Global is looking for a remote Vulnerability Cyber Program Manager. The Vulnerability Management Program Manager is a senior technical role responsible for designing, driving, and maturing the enterprise vulnerability management lifecycle. This individual serves as the strategic and operational owner of vulnerability identification, prioritization, remediation tracking, and reporting across the organization's hybrid infrastructure environment.Key ResponsibilitiesProgram Strategy & GovernanceOwn and mature the enterprise vulnerability management program, including policy, standards, procedures, and SLAsDefine and maintain risk-based vulnerability prioritization frameworks (CVSS, EPSS, threat intelligence, asset criticality)Develop and enforce remediation SLAs aligned to risk tiers and regulatory requirements (HIPAA, PCI-DSS, NIST, etc.)Lead vulnerability management steering committee meetings and report program KPIs/KRIs to CISO and executive stakeholdersMaintain program documentation, including remediation playbooks, escalation workflows, and exception management processesManage and track remediation workflows and ticketing through Jira and ServiceNow, ensuring full lifecycle traceabilityTechnical OperationsOversee vulnerability scanning operations across on-premises, cloud (Azure/AWS/GCP), containers, and endpoints using TenableManage asset inventory and full attack surface visibility through Axonius as the centralized asset intelligence platformDrive external attack surface management programs leveraging Xpanse ASM to identify and reduce internet-exposed riskOperate CrowdStrike Exposure Management to correlate endpoint telemetry with vulnerability risk for prioritized remediationPartner with infrastructure, cloud, and application teams to ensure full asset coverage and scan fidelityLead patch and endpoint vulnerability remediation workflows integrated with Ivanti Cloud for lifecycle managementDrive correlation of vulnerability findings with threat intelligence to prioritize exploitable, in-the-wild risksRemediation & Cross-functional CollaborationPartner with IT, DevOps, cloud engineering, and application security teams to drive timely remediationFacilitate exception and risk acceptance workflows with stakeholders, tracked in ServiceNow or JiraCoordinate with the SOC and Threat Intelligence teams to align vulnerability prioritization with active threat campaignsDrive DevSecOps integration to shift vulnerability discovery left into CI/CD pipelinesEstablish and track metrics for mean time to remediate (MTTR) by risk tier using Jira dashboards and ServiceNow reportingMetrics, Reporting & Continuous ImprovementDevelop executive-level dashboards and operational metrics reports (weekly, monthly, quarterly)Leverage Axonius asset data and Tenable scan results to produce accurate, comprehensive risk reportingDefine and track program maturity against frameworks such as CMMI, NIST CSF, or custom maturity modelsConduct trend analysis on vulnerability backlogs and aging to identify systemic remediation gapsLead continuous improvement initiatives to increase program efficiency, coverage, and risk reduction velocityReport compliance posture against regulatory and audit requirementsCompensation: $60/hr to $64/hr. Exact compensation may vary based on several factors, including skills, experience, and education. Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to View email address on click.appcast.io learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: and RequirementsExperience7+ years in cybersecurity with at least 3 years in vulnerability management, security operations, or technical program managementDemonstrated experience managing enterprise-scale vulnerability programs across hybrid environments (on-prem, cloud, containers, endpoints)Proven track record of cross-functional program management, driving remediation accountability across large, complex organizationsTechnical SkillsHands-on experience with Tenable (Tenable.io / Tenable.sc) for enterprise vulnerability scanning and reportingProficiency with Axonius as an asset intelligence and cyber asset attack surface management (CAASM) platformExperience operating CrowdStrike Exposure Management to surface and prioritize endpoint and identity riskWorking knowledge of Xpanse ASM (Palo Alto) for external attack surface discovery and remediationFamiliarity with Ivanti Cloud for patch management, endpoint compliance, and remediation automationExperience managing vulnerability and remediation workflows in Jira and ServiceNowFamiliarity with CVSS scoring, EPSS, KEV (CISA Known Exploited Vulnerabilities), and risk-based prioritizationExperience with regulated industries (healthcare, finance, or government) preferredCISSP, CISM, or equivalent security leadership certificationCertified Vulnerability Assessor (CVA) or equivalentPMP or similar program management certificationCloud security certifications (CCSP, AWS Security Specialty, Azure Security Engineer) a plusAbility to build dashboards and reports (Power BI, Splunk, Excel/Python a plus)J-18808-Ljbffr Insight Global