Vulnerability Governance Lead
Location: [London 2-3 days a week onsite]
Basic salary: £70K
One of our clients is looking for a Vulnerability Governance Lead to redefine how cyber risk is managed and mitigated across this evolving organisation. This is not a traditional patching or operational security role; it is a strategic position focused on governance, visibility, and accountability.
The successful applicant for the Vulnerability Governance Lead role will establish a modern, risk-led vulnerability management capability, giving the business a clear, unified view of exposure across infrastructure, cloud, and applications. The Vulnerability Governance Lead will drive prioritisation, empower engineering teams, and ensure a measurable reduction in risk.
The ideal applicant for Vulnerability Governance Lead will have a blended responsibility covering technical insight, risk judgement, and stakeholder influence.
What you'll do
Drive exposure visibility and risk clarity
- Build and maintain a single, coherent view of vulnerability risk across environments using tools like Tenable, Wiz, and Snyk
- Correlate findings and prioritise based on real business risk, not just CVSS (asset criticality, exposure, data sensitivity)
- Define and evolve a risk-based severity model aligned to organisational priorities
Establish ownership and accountability
- Implement a clear "you own it, you fix it" model across engineering, infrastructure, and product teams
- Ensure all assets have accountable owners and enforce risk-aligned remediation SLAs
- Provide central oversight while enabling teams to act
Build and embed governance
- Develop and maintain policies, standards, and procedures aligned to ISO 27001, NIST, and CIS
- Design and run a robust exception and risk acceptance process with clear approvals and tracking
- Ensure consistent governance across hybrid environments (cloud and on-prem)
Create meaningful reporting & executive insight
- Deliver clear, actionable reporting for both:
  - Technical teams (operational prioritisation)
  - Senior stakeholders (strategic risk visibility)
- Track key metrics including SLA adherence, vulnerability ageing, exposure trends, and coverage
- Provide regular updates to senior leadership and risk committees
Lead tooling and data integration
- Own the coordination of vulnerability tooling to ensure:
  - Comprehensive coverage
  - High-quality, deduplicated data
- Integrate outputs into workflow systems (e.g. ServiceNow) for tracking and accountability
- Drive automation and data improvement, focusing on insight rather than remediation
Enable and influence engineering teams
- Work closely with engineering, DevOps, and platform teams to:
  - Improve prioritisation and reduce noise
  - Provide clear, practical remediation guidance
  - Embed vulnerability management into development and operational workflows
- Champion a culture of "you build it, you run it, you secure it"
Continuously improve the programme
- Stay ahead of emerging threats and evolve the approach accordingly
- Identify gaps and drive enhancements across tooling, coverage, and process
- Ensure findings from penetration testing are governed and resolved
Your Background: Vulnerability Governance Lead
The ideal candidate for this role will boast:
- Proven experience in vulnerability or exposure management within complex, hybrid environments
- Strong hands-on understanding of vulnerability management tools such as Tenable, Wiz, and/or Snyk
- Experience designing or operating risk-based vulnerability governance frameworks, including SLAs and exceptions
- Solid knowledge of ISO 27001, NIST, and CIS frameworks
- Ability to influence without authority, driving remediation through engineering and platform teams
- Strong analytical skills, with the ability to translate technical findings into business risk language
- Confident communicator, comfortable engaging senior stakeholders and executives
- Experience producing clear, concise, and compelling reporting
If this seems like the role for you, please click the apply button now.
We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs.