Associate Director Vulnerability Lead @ S&P Global

Responsibilities and Impact:

• Application Oversight: Oversee the management of over 45,000 workstations using Intune/SCCM/Tanium, collaborating with Divisions, InfoSec teams, and other stakeholders.

• Team Leadership: Lead a global team of engineers responsible for the design, configuration, testing, deployment, health, and maintenance of vulnerability remediation tasks.

• Stakeholder Engagement: Foster strong relationships with internal and external stakeholders, including senior leadership, BISOs, and technical teams.

• Product Mindset: Align the team to a product methodology using Scrum, including the creation of AGILE boards, sprint planning, and execution of Epic goals, prioritizing the backlog in Azure DevOps (ADO) boards.

• Engineering Quality & Operational Rigor: Implement a robust framework to ensure all development activities follow defined phases, fostering a culture of continuous improvement and quality assurance. Enforce rigorous documentation standards and adherence to change management guidelines. Conduct regular audits to ensure compliance, standardize development efforts, minimize risks, and enhance operational resilience.

• Change & Incident Management: Serve as the department approver for all Tanium change requests and implementations, managing cloud and on-premises workloads. Act as a key contributor for indexing, reporting, and monitoring remediation efforts for major incidents.

• Deployment Projects: Partner effectively with divisions, workplace, and InfoSec teams to securely deploy OS updates and third-party patches, leveraging different toolsets and the Microsoft technology stack.

• Strategy & Continuous Improvement: Foster strong relationships with LOBs, senior leadership, divisions, and security practitioners globally. Engage with BISOs (business information security officers) on patching and remediation strategy.

• Metrics, and Reporting: Leverage technology stack to report and manage the requirements of various metrics requested by different stakeholders.

• Audit, and Compliance: Create and provide required artifacts for audit and regulatory requirements.

• Vulnerability Management: Ability to research, digest, and determine a remediation for identified CVEs.

Basic Required Qualifications:

• Education and Experience: A Bachelor's degree is preferred, along with 10+ years of infrastructure experience.

• Platform Expertise: In-depth knowledge and hands-on experience with various platforms and tools, including Intune, SCCM, CrowdStrike, Microsoft Defender, Beyond Trust, Citrix (VA & VDI), Application Re-packaging, scripting tools, Windows Autopatch, Windows Autopilot, and Windows Operating Systems. Proficiency in managing large-scale environments with over 45,000 endpoints.

• Team Leadership: Experience in leading global teams, particularly in endpoint engineering and infrastructure management.

• Effective Communication: Excellent verbal and written communication skills to articulate technical concepts and strategies to various stakeholders.

• Incident, Change & Troubleshooting: Experience in handling change requests and major incident remediation. Strong problem-solving skills for first- and second-hand troubleshooting and remediation. Expertise in monitoring infrastructure stability and performance, and familiarity with tools for real-time visibility and reporting.

• Data Analysis: Ability to analyze metrics, performance data, and compliance artifacts to support decision-making and strategy development.

• Audit and Regulatory Requirements: Understanding of audit processes and regulatory requirements, and the ability to produce necessary artifacts.

• SDLC & Agile Methodology: Strong understanding of SDLC frameworks and best practices, and proficiency in Agile practices, Scrum framework, and managing Agile boards in tools like Azure DevOps (ADO).

• Security Baseline Management: Understanding of security baselines and CIS Benchmarks.

• Training and Mentorship: Capability to train and mentor global teams on technical and process-related disciplines.