Is this your next challenge in Cybersecurity Architecture
The challenge is to:
The Assistant Manager for Cyber Security Architecture is responsible for leading Vulnerability and Exposure Management, secure architecture design, and cyber risk transformation initiatives across the enterprise and digital platforms. This role acts as a bridge between engineering, operations, compliance, and architecture functions, driving proactive vulnerability identification, solution design, and governance maturity.
The incumbent will oversee multiple cybersecurity capabilities across vulnerability management, attack surface management, cloud security posture management, and application security, integrating their outputs into actionable, risk-based programs and dashboards to improve the organization's cyber resilience posture.
Key Responsibilities
Vulnerability and Exposure Management
- Oversee vulnerability scanning and remediation processes for infrastructure and web applications.
- Troubleshoot technical issues related to scanning agents and tasks, ensuring optimal coverage and reliability.
- Maintain accurate asset tagging and metadata to enhance asset visibility and reporting precision.
- Consolidate vulnerability findings across platforms and coordinate remediation plans with system owners and security champions.
- Collaborate with ITSM/CMDB teams for asset data synchronization and process automation.
- Review and validate external exposure findings; guide system owners in interpreting reports and confirming remediation actions.
- Establish tagging and grouping conventions for asset identification and accountability.
- Cascade exposure reports to relevant teams and advise Security Operations on prioritization strategies.
- Support cloud teams in fine-tuning security alerts and managing risk remediation for cloud workloads.
- Work with Digital and Engineering teams to integrate security scanning within development pipelines (e.g., repositories, CI/CD, IDEs).
- Coach developers on secure coding practices, dependency management, and repository hygiene.
- Drive the transition from traditional vulnerability management to a risk-based exposure management approach for critical assets.
- Conduct internal workshops and awareness training for security champions to enhance risk understanding and remediation focus.
Security Architecture and Risk Assessment
- Partner with Risk & Compliance and Enterprise Architecture teams to conduct threat modeling and review new/existing system designs.
- Ensure all architecture principles align with internal Information Security Policy and external compliance frameworks (e.g., ISO 27001, NIST).
- Participate in architecture forums to ensure new initiatives meet defined cybersecurity assessment requirements.
Governance, SOP, and Dashboarding
- Develop and maintain Standard Operating Procedures (SOPs) for cybersecurity tools and processes to enforce governance consistency.
- Map SLAs to patch management policies and monitor adherence through structured reporting.
- Publish real-time vulnerability and exposure insights and metrics in dashboards for management visibility and decision support.
Roadmap Development
- Contribute to the cybersecurity solutions roadmap supporting strategic goals.
- Identify opportunities for automation, process improvement, and technology integration within the cyber architecture domain.
Do you have experience in Cybersecurity Architecture
Qualifications and Experience
- Bachelor's degree in Cybersecurity, Computer Science, or related technology discipline.
- 5–8 years of combined experience in cybersecurity architecture, Vulnerability and Exposure Management, and risk assessment.
- Extensive hands-on experience across vulnerability management, attack surface management, cloud security, and application security platforms.
- Strong understanding of risk-based vulnerability management, ISO 27001, and NIST CSF frameworks.
- Familiarity with OWASP, CI/CD pipelines, DevSecOps, and cloud security architecture (AWS, Azure, or GCP).
- Experience with asset management and CMDB/ITSM integrations.
- Effective stakeholder management and collaboration skills across technical and non-technical groups.
Preferred Certifications
- CISSP, CompTIA CySA+, CASP+, or equivalent.
- Certifications related to vulnerability management, cloud security, or security operations.
- Microsoft or cloud security-related certifications.
Core Competencies
- Analytical and problem-solving mindset with strong technical depth.
- Ability to translate complex vulnerabilities into business risk and mitigation actions.
- Excellent communication and presentation skills for technical and executive audiences.
- Self-motivated, structured, and capable of managing multiple concurrent projects.
