Manager, Vulnerability Management - Enterprise Security

Job Overview

The Manager, Vulnerability Management provides strategic direction and collaborates across enterprise teams to develop, coordinate, elevate, and streamline the vulnerability management program. They draw on extensive experience in vulnerability management and penetration testing to ensure the program's continuous improvement.

This role oversees the enhancement of vulnerability platforms, works closely with security and business teams to create innovative risk mitigation strategies, and ensures compliance with established policies. The Manager also communicates key metrics to senior leaders and remediation teams across the enterprise.

They possess expertise in a variety of security testing tools, including BurpSuite, HP WebInspect, Core Impact, Tenable, MetaSploit, and Qualys. Additionally, they are well-versed in penetration testing, vulnerability scanning, and red teaming methodologies. The Manager is capable of explaining vulnerabilities and weaknesses in the CISA KEV, OWASP Top 10, and CWE 25 to diverse audiences and discussing effective defensive techniques.

What You Will Do

• Improve and enhance vulnerability reporting to key stakeholders, including business leaders, by clearly articulating and prioritizing risk and impact to drive remediation efforts. Effectively communicate the urgency and necessity of addressing vulnerabilities.
• Manage vulnerability scanning schedules, oversee remediation tracking, coordinate penetration test scheduling, and organize purple team exercises. Lead the team in improving and automating processes wherever possible.
• Design and lead red team exercises, focusing on stealth, long-term campaigns, social engineering, and realistic threat scenarios.
• Develop and implement metrics, analytics, and reporting systems, while creating a roadmap for continuous program improvement.
• Design and conduct various testing and simulations-including penetration tests, technical control assessments, and blue team exercises-to ensure alignment with Macy's strategies.
• Provide support for incident response and architecture review processes when application or vulnerability security expertise is required.

Skills You Will Need

Regulatory Compliance: Strong knowledge of regulatory compliance requirements, including PCI-DSS, SOX, and GLBA.

Security Infrastructure: Advanced knowledge in security infrastructure design and architecture for both new implementations and existing infrastructure.

Enterprise Security: Experience in designing and implementing enterprise-wide security strategies, policies, and standards.

Threat Protection: Experience protecting large enterprise environments from internal and external attacks.

Vulnerability Management: Strong understanding of network, physical, application, and web security as it relates to vulnerability management. Advanced knowledge of common vulnerabilities, testing approaches, and remediation strategies.

Security Technologies: Expert understanding of current and emerging security technologies, defense strategies, and industry standards. Ability to determine and recommend security-related products and activities, influencing decision-making processes.

Interpersonal Skills: Advanced leadership, facilitation, and interpersonal skills to work across functional lines and at various levels.

Communication: Excellent written and verbal communication skills, with the ability to read, write, and interpret instructional documents.

Certifications: One or more certifications such as CISSP, CEH, Secure+, OCSP, GPEN, CISA, CISM, GWAPT, GXPN etc. preferred.

Who You Are

• Dedicated to fulfilling ideals of diversity, inclusion, and respect that Macy's aspires to achieve every day in every way.
• Candidates with a bachelor's degree or equivalent work experience in a related field are encouraged to apply. 8-10 years of experience in Information Security or an equivalent combination of education and experience.
• Regularly required to sit, talk, hear; use hands/fingers to touch, handle, and feel. Occasionally required to move about the workplace and reach with hands and arms. Requires close vision.
• Able to work a flexible schedule based on department and company needs.

What We Can Offer You

• An inclusive, challenging, and refreshingly fun work environment
• Competitive pay and benefits rooted in principles of equity
• Performance incentives and annual merit review
• Merchandise discounts
• Health and Wellness Benefits across medical, dental, vision, and additional insurance
• Retirement Savings Plan with 401k match opportunity
• Employee Assistance Program (mental health counseling and legal/financial advice)
• Resources for continuous learning, career growth, and leadership development
• 8 paid holidays
• Paid Time Off (first year prorated depending on start date)
• Tuition reimbursement program
• Colleague Resource Groups (CRGs) and give-back/volunteer opportunities
• Empowerment and autonomy to perform impactful work with tangible results

This job description is not all-inclusive. Macy's, Inc. reserves the right to amend this job description at any time. Macy's, Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.

TECH00

LEGALRE00