Vulnerability Management Manager at Met Office
Exeter EX1 3PB, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

17 Sep, 25

Salary

56738.0

Posted On

18 Jun, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Technology, Metrics, Azure, Vulnerability, Infrastructure Technologies, NIST, Design, Operational Execution, Design Principles, Business Insights, Social Impact, Team Leadership, Vulnerability Management, Management Skills, Infrastructure, IT, Remediation, Boundaries

Industry

Information Technology/IT

Description

Job Introduction
We’re looking for an exceptional Vulnerability Management Manager to help us make a difference to our planet.
The Vulnerability Management Manager role may be suitable for hybrid working, which is where an employee works part of the week in the office and part of the week from home. This is a voluntary, non-contractual arrangement and the location advertised will be your contractual place of work.
Our opportunity is full time, 37 hours per week. Our people are at the heart of what we do and we’ll do our best to agree a working pattern that works for everyone.

ESSENTIAL CRITERIA, SKILLS AND EXPERIENCE:

  • We live and breathe it - Demonstrated ability to lead and manage a team with integrity and genuine passion for our purpose, fostering an inclusive, collaborative culture, and continuously developing team skills and expertise through learning and knowledge‐sharing.
  • We keep evolving - Expert level knowledge and experience in vulnerability management, with deep knowledge of processes for identifying, classifying, and prioritising vulnerabilities using industry standard frameworks such as CVSS, NIST, and MITRE ATT&CK, with a track record of tailoring scoring models to organisational risk appetite. Proven ability to lead end-to-end vulnerability management initiatives in complex IT environments that reduce mean time to remediation, elevate security maturity and align vulnerability management closely with business objectives.
  • We’re experts by nature - Proven experience delivering an effective, continuously improving vulnerability management capability through metrics-driven assessments and red-team collaborations. Skilled in identifying, assessing, and prioritising vulnerabilities using advanced tools and frameworks, with a strong focus on reducing risk exposure across complex environments. Leverage deep technical expertise and curiosity to drive timely remediation efforts, adapt to evolving threat landscapes, and ensure that vulnerability management activities strengthen organisational resilience through ongoing refinement and proactive risk mitigation.
  • We’re a force for good - In-depth understanding of secure system and network design principles, cloud security (AWS, Azure), and modern infrastructure technologies, including their associated vulnerabilities and mitigation strategies.
  • We’re experts by nature - Expert knowledge of vulnerability scanning tools (such as Tenable, Qualys, Rapid7, Nessus), including hands-on experience in configuring, running and optimising scans across diverse environments. Proficient in asset discovery, attack surface mapping and exposure management techniques to ensure comprehensive visibility of IT and OT assets and their external interfaces. Skilled in applying risk assessment methodologies to evaluate the severity and potential impact of identified vulnerabilities, prioritising remediation efforts based on business risk and operational criticality.
  • We’re better together - Strong stakeholder management skills, with a demonstrated ability to lead cross-functional teams, engage technical and non-technical stakeholders, drive vulnerability remediation initiatives in alignment with organisational risk appetite, and enforce SLAs and performance metrics with transparency and fairness. Demonstrated ability to interpret complex technical findings and communicate them effectively to both technical teams and senior stakeholders, translating risks into clear, actionable business insights that support informed decision-making and enhance organisational security posture.

RESPONSIBILITIES:

  • Team Leadership and Development: Lead, manage and mentor a team to ensure the team operate effectively. Develop the team utilising the career framework to identify learning needs and career pathways.
  • Vulnerability Management: Manage and coordinate vulnerability scanning, risk assessments, and penetration testing to identify security weaknesses across systems, infrastructure, and digital services. Lead efforts to enhance vulnerability management protocols, ensuring alignment with national (Secure by Design) and international security standards and maintaining regulatory compliance. Establish ongoing surveillance mechanisms to detect and respond to new vulnerabilities promptly, maintaining the organisational security posture.
  • Reporting and Metrics: Define metrics and targets. Prepare and present regular reports on vulnerability management and trends to management, translating technical metrics into business-focused risk insights.