Enterprise Security Posture Management SME - VP

Posted 3 days 11 hours ago by Barclays

Permanent
Full Time
Other
Cheshire, Knutsford, United Kingdom, WA160
Job Description

Join our Proactive Defence team as an Enterprise Security Posture Management SME, leading capabilities across Attack Surface Management (ASM), Attack Path Management (APM), and Breach & Attack Simulation (BAS) within the CISO organization. You will drive a proactive, threat-informed approach to exposure management, helping the bank identify, prioritise, and reduce exploitable security risk through greater visibility, attack path analysis, and continuous control validation.

This role is critical to shifting from reactive vulnerability management to proactive exposure reduction by providing continuous visibility of the attack surface, mapping how attackers can move through the environment, and validating security controls through adversary simulation. In doing so, you will help the organization identify, prioritise, and reduce exploitable security risk in a way that is threat-informed, measurable, and directly tied to business impact.

To be successful in this role, you should have experience with:

  • Attack surface discovery and asset attribution: ability to continuously identify internet-facing assets, shadow IT, domains, subdomains, certificates, cloud services, APIs, SaaS exposures, third-party hosted assets, and assets with unclear ownership
  • Risk-based exposure prioritisation: ability to prioritise the most material exposures by combining exploitability, business criticality, asset ownership, threat intelligence, vulnerability data, and likelihood of attack
  • Threat-informed attack surface analysis: ability to enrich attack surface findings with attacker techniques, active exploitation trends, KEV data, offensive security team findings, and sector-specific threat intelligence

Highly valued skills for this role include:

  • Hands-on experience with EASM/ASM platforms: experience using tools such as external attack surface management, CAASM, vulnerability management, cloud posture, and exposure management platforms
  • Cloud, identity, SaaS, CI/CD and API exposure knowledge: understanding of common attack surface risks across AWS, Azure, GCP, Entra ID, Active Directory, Kubernetes, APIs, internet gateways, and exposed management interfaces
  • Understanding of Breach and Attack Simulation techniques: ability to use BAS outputs to validate whether identified exposures are exploitable, test control effectiveness, simulate attacker behaviours, and support evidence-based prioritisation

You may be assessed on the critical skills required for success in this role, including risk and controls, change and transformation, business acumen, strategic thinking, digital and technology, and job specific technical skills.

Location: Knutsford.

Purpose of the role

To keep our customers, clients, and colleagues safe by identifying cyber vulnerabilities across the Bank, using a risk-based approach to prioritise them, and driving effective remediation activity.

Accountabilities
  • Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host.
  • Development of the vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard, including Issues Management and regulatory alignment.
  • Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affected business units using reports and dashboards and providing recommendations for improvement in vulnerability management practices.
  • Collaboration with Threat Intelligence and Cyber Operations teams to assess and contextualise exposure to the latest threat trends and exploits, and to set appropriate remediation timescales.
  • Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications.
  • Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators.