Vulnerability Management Lead

The Vulnerability Management Lead at this multinational will develop and maintain vulnerability management platforms and technologies, supporting risk-based access control and the management of vulnerabilities to ensure secure operations.

This role involves defining strategy, managing the VM team, implementing processes and tools, and ensuring strategic execution aligned with company goals. The position reports directly to the Global CISO.

Key Responsibilities :

1. Vulnerability Management Governance

Ensure all services and deliverables meet SLAs and foster an innovative team culture.

Develop VM policies and SOPs.

Lead the VM function and manage staffing.

Identify operational issues, escalate, and act as a resolution point.

Promote continuous service improvement and define security KPIs.

2. Support VM Design & Delivery

Participate in Go-live activities.

Ensure policies are repeatable, scalable, and consistent.

Deliver end-to-end vulnerability lifecycle processes (scanning, analysis, remediation, reporting).

Produce detailed technical and non-technical reports.

3. Vulnerability Management Processes

Define policies, standards, and security architecture.

Monitor compliance and effectiveness of governance.

Align security with business goals and ensure implementation of defined controls.

Perform simulations and audits for continuous improvement.

4. Technology Scouting

Stay up to date with emerging technologies, regulations, and threat landscapes.

Identify innovations to improve VM strategy and posture.

Key Relationships : 1. Internal

CIO, Global Architect & Data Director, Infrastructure Lead, IS / IT leadership, Security Architecture, SAP Team, business stakeholders, Renault Group IT teams.

2. External

Third-party providers, cloud stakeholders, industry experts, audit partners, benchmarking groups, red / blue teams, etc.

Requirements :

Proven leadership in VM, team building, and process design.

Experience in global, multicultural environments.

Background in cloud migrations (especially GCP, Microsoft Azure).

Familiarity with security tech like Tenable, Rapid7, Qualys, Kenna, etc.

Skills :

Strong leadership, communication, and organizational skills.

Data-driven mindset with technical and analytical strength.

Strong knowledge of cybersecurity frameworks and compliance.

Capacity to work independently and globally.

Certifications (preferred) :

Domain Knowledge in :

Vulnerability management tools

Cloud and network security

Risk and incident management

Identity & Access Management

Secure SDLC

Penetration testing

Permanent contract.

Personalized English classes with a native teacher on staff.

Savings club with numerous discounts

At CIVIR, we value diversity and actively support the inclusion of people with disabilities, giving priority to their applications. Don’t hesitate to apply to our job openings!