Vulnerability Management Lead (VA/VAPT)

A – Governance and Strategy
Metrics and reporting: Develop and maintain key performance indicator (KPIs) and key risk indicator (KRIs) related to assessment and remediation status, provide regular executive level reports on the overall risk posture.

Process Improvement: Continuously mature the vulnerability assessment and remediation program, incorporating automation, best practices, and lessons learned to improve efficiency and effectiveness.
Policy Compliance and exception management: Ensure all assessment and remediation activities comply with internal policies, industry standard and regulatory requirement such as RBI, CERT-In, SEBI, etc.

B – Remediation Management
Program Ownership: Own the remediation lifecycle, ensuring identified issues are formally logged, assigned and tracked through closure.

Collaboration: Co-ordinated closely with internal stakeholders to agree on remediation plans, timelines and resource allocation. Provide technical assistance to clarify reported issues & support resolution efforts

Prioritization: Develop and enforce a risk based prioritization methodology for remediation efforts based on severity, impact and business criticality.

           Quality Assurance: Validate and test the remediation evidence to ensure vulnerabilities are closed.