The Vulnerability Management Lead at this multinational will develop and maintain vulnerability management platforms and technologies, supporting risk-based access control and the management of vulnerabilities to ensure secure operations.
This role involves defining strategy, managing the VM team, implementing processes and tools, and ensuring strategic execution aligned with company goals. The position reports directly to the Global CISO.
Key Responsibilities:
1. Vulnerability Management Governance
* Ensure all services and deliverables meet SLAs and foster an innovative team culture.
* Develop VM policies and SOPs.
* Lead the VM function and manage staffing.
* Identify operational issues, escalate, and act as a resolution point.
* Promote continuous service improvement and define security KPIs.
2. Support VM Design & Delivery
* Participate in go-live activities.
* Ensure policies are repeatable, scalable, and consistent.
* Deliver end-to-end vulnerability lifecycle processes (scanning, analysis, remediation, reporting).
* Produce detailed technical and non-technical reports.
3. Vulnerability Management Processes
* Define policies, standards, and security architecture.
* Monitor compliance and effectiveness of governance.
* Align security with business goals and ensure implementation of defined controls.
* Perform simulations and audits for continuous improvement.
4. Technology Scouting
* Stay up to date with emerging technologies, regulations, and threat landscapes.
* Identify innovations to improve VM strategy and posture.
Key Relationships:
1. Internal
CIO, Global Architect & Data Director, Infrastructure Lead, IS/IT leadership, Security Architecture, SAP Team, business stakeholders, Renault Group IT teams.
2. External
Third-party providers, cloud stakeholders, industry experts, audit partners, benchmarking groups, red/blue teams, etc.
Requirements:
* Proven leadership in VM, team building, and process design.
* Experience in global, multicultural environments.
* Background in cloud migrations (especially GCP, Microsoft Azure).
* Familiarity with security tech like Tenable, Rapid7, Qualys, Kenna, etc.
Skills:
* Strong leadership, communication, and organizational skills.
* Data-driven mindset with technical and analytical strength.
* Strong knowledge of cybersecurity frameworks and compliance.
* Capacity to work independently and globally.
Certifications (preferred):
* ISC2, ISACA, GIAC, EC-Council, ITIL, CompTIA Security+.
Domain Knowledge in:
* Vulnerability management tools
* Cloud and network security
* Risk and incident management
* Identity & Access Management
* Secure SDLC
* Penetration testing
* Compliance, auditing, BCP/DRP
Benefits:
* Permanent contract.
* Flexible compensation (meal vouchers, childcare vouchers, health insurance).
* Personalized English classes with a native teacher on staff.
* Savings club with numerous discounts.
At CIVIR, we value diversity and actively support the inclusion of people with disabilities, giving priority to their applications. Don’t hesitate to apply to our job openings!