Vulnerability Manager
Hybrid role - Birmingham on site 2-3 days per week
£70,000 - £80,000 per annum (DOE)
12-Month Fixed Term Contract
We have an exciting opportunity for a Vulnerability Manager to join a high-performing Business Change and Technology function on a 12-month fixed term salaried contract.
Reporting into the Information Security Manager, you will be responsible for managing, maintaining, and continuously improving the vulnerability management programme across a complex enterprise technology estate. This includes the identification, assessment, prioritisation, and remediation tracking of security vulnerabilities across on-premises systems, cloud environments, networks, applications, and endpoint devices.
This role plays a critical part in ensuring the organisation's technology environment remains secure, resilient, and aligned with internal security policies, legal and regulatory requirements, and industry best practice.
The Opportunity - Vulnerability Manager
Vulnerability Management & Analysis
- Lead the end-to-end vulnerability management lifecycle, including discovery, scanning, validation, prioritisation, reporting, and remediation tracking.
- Operate and optimise vulnerability scanning platforms (e.g. Microsoft Defender Vulnerability Management, Edgescan, or equivalent).
- Conduct regular internal and external vulnerability assessments across infrastructure, applications, and cloud environments.
- Validate and analyse vulnerability data to ensure findings are accurate, contextualised, and relevant to the organisation's operational environment.
- Identify and assess critical vulnerabilities and zero-day threats, determining when expedited remediation is required.
- Assess vulnerability severity based on real-world exploitability, considering threat intelligence, exposure, asset criticality, and compensating controls.
- Maintain a defensible position on exploitable vs non-exploitable vulnerabilities, clearly documenting risk decisions and rationale.
- Assess and articulate business risk based on exploitability, asset value, and threat intelligence.
Remediation Coordination
- Work closely with internal technical teams and third-party partners to ensure vulnerabilities are remediated within agreed SLAs and risk tolerances.
- Develop remediation plans, monitor progress, and escalate high-risk issues where necessary.
- Support patch governance activities, ensuring both routine and emergency patching meets security requirements.
Security Governance & Compliance
- Ensure vulnerability management activities align with internal information security policies, standards, and procedures.
- Support compliance with relevant regulatory and security frameworks (e.g. GDPR, PCI DSS).
- Produce regular vulnerability risk reports, dashboards, and KPIs for senior stakeholders.
- Provide evidence and reporting to support audits, penetration tests, and regulatory reviews.
Threat Intelligence & Continuous Improvement
- Integrate threat intelligence to prioritise remediation of actively exploited or high-risk vulnerabilities.
- Recommend and drive improvements to tools, processes, automation, and reporting to enhance programme maturity.
- Stay current with emerging vulnerabilities, zero-day threats, and vendor advisories.
- Support incident response activities where vulnerabilities are linked to potential security events.
What You'll Bring
- Proven experience in vulnerability management, cyber s