|
Join Triumph! At Triumph, our vision is a world where freight transactions are accurate and seamless on the most modern and secure freight transaction network. That's why we're looking for passionate, innovative, solutions-oriented people to join our team. We thrive on providing exceptional customer service and we look for team members with an entrepreneurial spirit and a passion to build successful partnerships with our clients. Because at the end of the day our goal is to help our partners businesses run better.
Position Summary: The VP, Threat & Vulnerability Management (VP, TVM) is responsible for identifying, tracking, and communication threats and vulnerabilities that may impact the organization, our customers or our team members. The role will oversee a TVM Analyst in the day-to-day understanding of information security and preferably have held positions in cybersecurity and systems administration. The role also requires an understanding of business and governance processes. The VP, TVM will own and execute on a vulnerability management strategy across the enterprise. ESSENTIAL DUTIES & RESPONSIBILITIES
Create a vulnerability strategy for the enterprise. Define a roadmap to continually assess and iterate security best practices for our cloud environments. Own and execute on threat intelligence efforts, collaborating across Security and other teams as necessary. Ensure the protection of Triumph customers, employees and organizational data. Oversee the management of vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets. Conduct continuous discovery and vulnerability assessment of enterprise-wide assets. Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging. Procure and maintain tools and scripts used in asset discovery and vulnerability status. Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds. Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface. Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them. Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary. Maintain an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business. Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise or information leakage. Periodically attend and participate in change management policy discussions and meetings. Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management. Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness. Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities. Perform other duties as assigned.
Bachelor's degree in Business, Management Information Systems or related degree. At least 7 years' experience in information security administration, vulnerability management or security operations. Experience leading security teams. Proficient with vulnerability management solutions such as Tenable, Qualys, Nexpose, Nessus, Kenna Security, Tanium and open source.
SKILLS & ABILITIES REQUIRED
Proven track record in executing on a comprehensive vulnerability management program. Experience stabilizing systems to run minimal application requirements, least privilege and additional host hardening. Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices. Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP). Experience conducting organization-wide vulnerability scanning and remediation processes. Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface. Knowledge of one or more compliance standards, including Payment Card Industry (PCI), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO).
The work environment characteristics described here may be encountered while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Moderate noise (i.e., business office with computers, phone, and printers, light traffic). Ability to work in a confined area. Ability to sit at a computer terminal for an extended period of time. Occasional stooping or kneeling may be necessary. While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear, and use hands and fingers to operate a computer keyboard and telephone. Specific vision abilities are required for this job due to computer work. Light to moderate lifting is required. Regular, predictable attendance is required.
We offer Medical, Dental, Vision, Paid Time Off, 401k and much more. Go on. Do it. Apply Today!
|
Triumph Financial
paid time off, 401(k)
Jun 18, 2025