Vulnerability Manager

INTRODUCTION

At Burberry, we believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers and our communities. This is the core belief that has guided Burberry since it was founded in 1856 and is central to how we operate as a company today.  

We aim to provide an environment for creative minds from different backgrounds to thrive, bringing a wide range of skills and experiences to everything we do. As a purposeful, values-driven brand, we are committed to being a force for good in the world as well, creating the next generation of sustainable luxury for customers, driving industry change and championing our communities.

JOB PURPOSE

The Burberry Cyber Security Operations team is globally responsible for Security Monitoring, Incident Response, Vulnerability Management and Attack Surface Management. The Vulnerability Manager, reporting to Director – Cyber Security Operations, plays a key role in overseeing the identification, prioritisation and remediation of vulnerabilities across the Burberry Global IT estate.

RESPONSIBILITIES

The Vulnerability Manager will be responsible for:

• Leading and maintaining the Vulnerability Management programme and services.
• Report and track key performance indicators and metrics to measure the effectiveness of the Vulnerability Management programme.
• Develop and maintain clear processes and procedures related to vulnerability management.
• Collaborate with wider IT teams to develop remediation plans and support patch management activities/programmes.
• Track the progress of remediation efforts according to established SLA’s
• Threat Intelligence, stay up to date with the latest vulnerabilities and exploits, escalating remediation where required.
• Leverage Threat Intelligence and other factors to prioritize critical vulnerabilities. 
• Prepare and present monthly reports of Security Posture and Vulnerabilities Management status.
• Participate in Cyber Security Incident Response activities where required.

PERSONAL PROFILE

• Working towards relevant academic or industry qualifications such as CEH, CISSP, CISM, CISA
• Demonstrate experience of leading and managing Vulnerability Management functions
• Passionate about service / security – keeps up to date on the latest news and trends.
• IT Security Professional with experience across a broad set of security domains
• Demonstrable ability to distil complex, often technical, security issues to a variety of audiences

Mandatory:

• Experience with Vulnerability Assessment technologies, such as Qualys, Tanium, Wiz
• Demonstrate in depth knowledge and experience of the following operating systems: Windows Server, Unix/Linux, Windows Desktop, MacOSX
• Demonstrate in depth knowledge and experience in at least two of the following platforms: AWS, Azure, Microsoft 365
• Experience with developing and assuring Secure Build Standards
• Multiple scripting languages, e.g., PowerShell, Python, etc.
• Experience with data visualisation, BI and reporting suites.

Desirable:

• Relevant academic or industry qualifications such as CEH, CISSP, CISM, CISA
• Experience with Security Information Event Management Solutions and Orchestration/Automation
• Data Science and experience working with large data sets.
• Experience building Security Detection Logic, SPL/YARA

Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience.