Threat and Vulnerability Management (TVM) Lead

La Fosse

Madrid

On-site

EUR 70.000 - 90.000

Full-time

30+ days ago

Vacancy summary

A leading technology firm is seeking a Threat and Vulnerability Management (TVM) Lead in Madrid. This role involves leading the global TVM programme, ensuring security risks are effectively managed, and collaborating with various teams to drive improvements in vulnerability management. Candidates should have robust experience in managing threats and vulnerabilities in complex environments and strong knowledge of relevant tools such as Rapid7 and Qualys.

Background

  • Broad and deep experience in threat and vulnerability management across large, global enterprises.
  • Demonstrated success in leading vulnerability management programmes in complex environments.
  • Hands-on knowledge of vulnerability management in cloud environments (Azure, AWS, GCP).

Responsibilities

  • Lead operations of the global Threat and Vulnerability Management programme.
  • Apply threat intelligence to map vulnerabilities to real-world threats.
  • Collaborate with the SOC and security engineering teams.

Skills

Threat and vulnerability management
Risk-based vulnerability prioritization
Automation technologies
Cloud security practices (Azure, AWS, GCP)
Threat intelligence

Education

Relevant security certifications (e.g., GCTI, Security+, CySA+)

Tools

Rapid7 InsightVM
Qualys
Microsoft Defender

Job description

Threat and Vulnerability Management (TVM) Lead

Location: Madrid (hybrid)

Type: Permanent

Industry: Technology / Payments / Global Enterprise

About Our Client:

Our client is a global leader in integrated technology and payment solutions, serving enterprise customers across retail, hospitality, and other commercial sectors. With over 2,500 employees across six continents and operations in 120+ markets, they are known for driving digital transformation and innovation across complex, federated environments.

Role Overview:

We are seeking a highly experienced Threat and Vulnerability Management (TVM) Lead to own and evolve the organisation’s vulnerability management programme. This is a leadership role that involves working across global business units and technical teams to ensure security risks are identified, prioritised, and addressed efficiently.

You will act as the subject matter expert on vulnerability management tools, frameworks, and reporting - driving forward strategy, automation, and process maturity in a complex infrastructure environment.

Key Responsibilities:

  • Lead the day-to-day operations of the global Threat and Vulnerability Management programme, ensuring alignment across multiple business units and geographies.
  • Serve as the SME for TVM tools and processes, including Rapid7, Qualys, Microsoft Defender, and attack surface management technologies.
  • Apply threat intelligence to map vulnerabilities to real-world threats, using frameworks such as MITRE ATT&CK and tools like EPSS and CVSS to prioritise remediation based on risk and asset criticality.
  • Develop and manage frameworks for vulnerability reporting, ensuring resolver teams across the business understand and take action on findings.
  • Drive continuous improvement of detection, triage, and remediation workflows, leveraging automation and process refinement.
  • Collaborate with the SOC, security engineering, and wider business stakeholders to ensure cohesive and effective vulnerability management.
  • Support compliance and security initiatives, including PCI DSS, through proactive vulnerability mitigation.
  • Contribute to exposure reduction strategies and cloud security practices across Azure, AWS, and GCP.

What We’re Looking For:

  • Broad and deep experience in threat and vulnerability management across large, global enterprises.
  • Demonstrated success in leading BAU vulnerability management programmes in complex, federated environments with multiple business units.
  • Practical experience with Rapid7 InsightVM and/or Qualys.
  • Strong understanding of threat intelligence, risk-based vulnerability prioritisation, and remediation strategies.
  • Experience integrating TVM tools and workflows with automation technologies.
  • Familiarity with PCI DSS or other regulatory/compliance frameworks is highly desirable.
  • Hands-on knowledge of vulnerability management in cloud environments (Azure, AWS, GCP).
  • Relevant security certifications are a plus (e.g., GCTI, Security+, CySA+, etc.).