£54,793 - £67,122

+up to 11% pension contribution 
+annual salary increase
+potential additional earnings

Base

Closing Date 

South East Hub

23:59 - 13th May 2024

 - 

What you’ll be responsible for

The Vulnerability Manager will form a critical component of our Security Operations capability. The dual role will be responsible for: identifying, monitoring, analysing, and supporting remediation of vulnerabilities across our environment. 

The role’s initial priority will be the development of our existing vulnerability management programme. You will be responsible for defining an effective process for the reporting and successful mitigation of vulnerabilities impacting IT and OT. This is expected to be a highly proactive, interactive and hands on role; requiring an individual with a balance of technical and stakeholder management skills. The Vulnerability Manager will act on initiative to seek out vulnerabilities, keep track of current events and changes in the technology landscape, and respond appropriately to address risk. 

Responsibilities: 

1.    In line with key stakeholder and business requirements, define and document a vulnerability management strategy for the business. 
2.    Define and create the necessary reporting and dashboarding to enable stakeholders across the business to understand the threat and risk profile associated with vulnerabilities. 
3.    Ensure all IT and OT assets undergo regular vulnerability scans and continuously update scans to ensure full coverage.  
4.    Work with IT and OT asset owners to configure and run vulnerability and compliance scans in a controlled, planned manner. 
5.    Partner with Technical and non-technical stakeholders to develop and agree effective mitigation plans for vulnerabilities. 
6.    Establish and lead efforts of cross functional technical resources to respond to highest risk/most complex vulnerabilities, contribute technical specialist knowledge
7.    Understand and stay current regarding the critical threats faced by the Business by continually analysing all-source cyber threat intelligence sources.
8.    Monitor vulnerability intelligence sources proactively to ensure any potential Business exposure is spotted swiftly and the appropriate actions taken. 
9.    Undertaking on demand vulnerability exposure assessments of key staff / systems across the organisation. 
10.    Deliver cyber threat intelligence briefings to senior stakeholders across the Business. 
11.    Work with security engineering to outline vulnerability management and threat intelligence platform requirements. 

Who you’ll work with

Internal

• CTO & CISO direct reports
• Senior Executives
• Technical Operations Managers
• Business Application owners
• IT System owners

External

• UK Government NCSC
• Welsh Government
• Sector Security Collaboration Groups
• IT Outsource partners
• Security Outsource partners

About you

Qualifications

• Excellent knowledge of MITRE ATT&CK, OWASP Top 10, CVSS (Common Vulnerability Scoring System), and CVE        
• One or more Professional certifications from bodies such as GIAC, CREST, CompTIA or similar         
• Degree in a technology or other relevant area of specialism (desirable) 

   
Experience 

• Experience of using Tenable, Qualys, other enterprise vulnerability scanning technologies.         
• Experience working and collaborating with IT and Networks teams.         
• Demonstrable experience in a Threat Intelligence / Vulnerability Management / SOC / Red Team related role.         
• Strong experience of vulnerability validation/mitigation    (desirable)         
• Experience of managing, mentoring, and developing direct reports   (desirable)             

Knowledge & Skills

• Enthusiastic about putting our customers first every day        
• Strategic thinker, data-driven and analytical in approach to problem solving.         
• Strong team player and ability to take responsibility and act autonomously.         
• Ability to plan, organise and prioritise tasks and projects.         
• Ability to interact proactively, professionally and confidently with all levels across the business, including executive management    
• Strong technical understanding of cyber security and security vulnerabilities     

Good to know

• Hybrid working across a standard working week. 
• Standby required (1 in every 6 weeks) but this is negotiable 

For any further information about this role please contact Joseph Chmeil - joseh.chmiel@dwrcymru.com 

Benefits

As well as a market competitive salary, 33 days annual leave (pro rata, including public holidays), we offer a range of employee benefits and rewards including:

•    Variable pay schemes ((your salary band will remain the same, but performance depending, you could receive an incremental within-band increase and a yearly incentive)
•    Option to buy additional annual leave up to 5 days per year
•    Enhanced employer pension contributions – Up to 11% employer contributions
•    Enhanced family friendly policies
•    Progression opportunities, including the ability to apply for funded training and coaching and mentoring programmes
•    Reduction on gym memberships and high street shopping
•    Cycle to work scheme
•    Free on-site parking at all our sites
•    Discount off all Welsh Water visitor attraction centres and gift shops
•    Car-leasing scheme
•    Health CashBack scheme
•    An employee assistance programme for employees and their immediate family

Whilst also working for a not-for profit company that truly cares about earning the trust of customers everyday, and about looking after our beautiful environment

Please note, we may close this role sooner if required. We may also extend the original closing date depending on interest.

Due to the nature of the industry, we require satisfactory references, post offer medical clearance, and a criminal records Basic Disclosure check on all new employees joining the business. For some roles there may be additional checks and security clearance required, and this offer is subject all checks being satisfied. You will receive further information on how to complete these checks via email once you have accepted this offer.
 

Who we are

Dŵr Cymru Welsh Water keep 3 million people healthy each day with safe, reliable water, and take away wastewater to clean, before returning it safely to our beautiful rivers and seas.

To be able to deliver high quality, essential services which help to protect the health of our customers, colleagues and our environment, we need the right people to deliver on our vision.  This is achieved by living our core values and demonstrating the core behaviours that underpin them.  The security of our people, assets and information is key to us, so we are looking for people who understand and comply with the company’s required security objectives.

We know that the most successful teams are the most diverse teams. Equality, diversity and inclusion provide the very foundation to our culture at Welsh Water. We want every individual to feel confident, proud and able to bring their whole selves to work. 

To ensure an improved representation in our workforce, applications are particularly welcome from minority groups including Black, Asian and Minority Ethnic people, Females, LGBT+, Non-binary and people with disabilities. Together we continue to build a workplace that not only celebrates the diverse voices of our colleagues but also represents each customer we serve.

In essence, ours is a company based on trust, openness, respect, commitment and honesty. A company that our colleagues are proud to work for.

INDHP

Dŵr Cymru Cyf, a limited company registered in Wales No. 2366777. Registered office: Linea, Fortran Road, St. Mellons, Cardiff CF3 0LT

© Dŵr Cymru Cyf 2019.