Vulnerability Management Assessment Lead - EY Global Delivery Services

Press Tab to Move to Skip to Content Link

Location: CABA

Other locations: Primary Location Only

Date: May 7, 2025

Requisition ID: 1586842

Vulnerability Assessment Lead

Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value.

The opportunity

The Vulnerability Assessment Lead is tasked with overseeing the analysis of potential security weaknesses within the organization's network, systems, and applications and providing necessary reporting to stakeholders. This pivotal role demands a deep knowledge of cybersecurity principles, risk assessment methodologies, and the ability to interpret vulnerability scanning results. Collaborating closely with the Vulnerability Discovery Lead, the Vulnerability Assessment Lead plays a crucial role in refining the organization's vulnerability management processes and integrating assessment findings into the broader security framework to mitigate risks effectively.

Your key responsibilities

The Vulnerability Assessment Lead is charged with developing the necessary strategy to coordinate and conduct comprehensive assessments to identify system vulnerabilities, ensuring that all findings are accurately documented and prioritized based on potential impact and conveyed appropriately to vulnerability management stakeholders. This role regularly updates team strategy and procedures to align with evolving security standards and threat landscapes. Additionally, the Vulnerability Assessment Lead must provide clear and actionable reports to senior management, enabling informed decision-making regarding the organization's cybersecurity posture.

Skills and attributes for success

Subject matter expert in vulnerability intelligence and analysis

Strong prioritization skills

Familiarity and understanding of security controls

Demonstrated ability to distil complex, technical data into clear, concise explanations

Extensive understanding of vulnerability exploitation and remediation strategies

Expert understanding of information security and cybersecurity principles

Ability to work independently and prioritize

Demonstrated ability to think strategically

Efficient research methodologies

To qualify for the role you must have

10+ years of Information Security experience with a focus on threat analysis

5+ years of Vulnerability Analysis experience

Working knowledge of identifying and remediating vulnerabilities in an enterprise environment

An expert ability to assess an organization’s attack surface internally and externally

Demonstrated experience assessing and communicating the risk of vulnerabilities to all levels within an organization

An in-depth understanding of security control functionality in the context of threats

An interest and aptitude for engaging stakeholders and developing a functional network of subject matter experts

Proficiency developing non-traditional solutions to complex challenges

Experience mentoring and developing junior talent from diverse backgrounds

Ideally, you’ll also have

Purple Team expertise

3+ years of incident response experience

Offensive security skills

What we look for

We are looking for an experienced, self-driven leader that can operate independently and improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization.

What working at EY offers

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:

Continuous learning: You will develop the mindset and skills to navigate whatever comes next.

Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.

Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.

Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.

We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations.

EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Select how often (in days) to receive an alert:

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.