Manager, Vulnerability Posture Management (VPM)

• Hybrid work environment  
• Permanent opportunity  
• Newly created cyber leadership position that offers a unique opportunity to shape Vulnerability and Posture management capability for the RBA  

This is a unique opportunity to join the Reserve Bank of Australia to establish and lead a newly created Vulnerability and Posture Management team within the Bank’s Cyber section. You will oversee and manage the organisation's cyber vulnerability and posture management program by developing and implementing strategies to identify, assess, remediate and monitor threats and vulnerabilities across the Bank’s technology environment. You will be instrumental in evolving and enhancing the Bank’s risk-based vulnerability and exposure management, attack surface reduction and embedding continuous assurance practices to strengthen cyber posture across the enterprise.

About the role

• Define and drive the strategy and roadmap for the Bank’s Vulnerability & Posture Management capability, evolving it into a risk-based approach to managing cyber exposure across devices, infrastructure, cloud and applications. 
• Lead and mentor a team of security analysts and engineers across the end-to-end vulnerability management lifecycle, ensuring vulnerabilities and configuration exposures are identified, prioritised and remediated providing clarity in risk prioritisation and remediation ownership. 
• Provide cross-functional leadership across vulnerability security analysts, remediation owners and business stakeholders to improve triage, prioritisation, escalation, remediation tracking and overall exposure remediation workflow effectiveness. 
• Drive a risk-based approach to prioritisation and remediation, assessing vulnerabilities, misconfigurations and attack paths in the context of threat intelligence, security controls and business criticality. 
• Maintain and operate vulnerability and exposure management tech stack across infrastructure, cloud, devices, applications and identity while improving discovery, consolidation and reporting by integrating with service management workflows to improve remediation effectiveness  
• Lead rapid emergency vulnerability response to critical vulnerabilities, coordinating timely impact assessment and remediation across Cybersecurity, technology and business teams. 
• Collaborate with cyber, technology and business teams to develop and provide continuous assurance on secure configuration compliance and security controls incorporating threat intelligence and business context to proactively manage cyber posture. 
• Deliver clear executive and operational reporting, translating vulnerability and exposure data into meaningful insights on cyber posture, remediation performance and risk reduction. 

About you

• Minimum five years’ experience in leading teams in vulnerability management, security operations, or related cybersecurity disciples with ability build capability and drive outcomes in complex environments 
• Strong knowledge of risk-based prioritisation, including exploitability, threat intelligence, attack paths, business criticality and cyber risk and controls context. 
• Excellent understanding and experience managing and operating vulnerability management, cloud security posture management, attack surface management and identity posture management technologies and integration with service and workflow management tools (e.g. Tenable, Qualys, ServiceNOW etc) 
• Familiarity with cyber security frameworks such as NIST, CIS Critical Security Controls or the ACSC Essential Eight. 
• Solid understanding of the threat landscape, vulnerability attack patterns and techniques and familiarity with frameworks such as MITRE ATT&CK, KEV catalogue, CVSS and EPSS scoring systems. 
• Strong understanding of vulnerability management metrics and demonstratable ability to communicate meaningful insights 
• Strong stakeholder management and collaboration with infrastructure, cloud and application teams to drive remediation and improve security posture. 
• Professional certifications such as CISSP, CISM or SANS GIAC are highly regarded. 
• Tertiary qualifications in a relevant field such as Cyber Security, Computer Science or Information Technology.
• Must be an Australian Citizen holding or eligible for NV1 security clearance. 

Be More

Working for an organisation that truly makes a difference to the people of Australia, we can offer development and career opportunities in a collaborative environment that supports your growth, wellbeing and promotes flexibility. Your individual growth and success drives the RBA forward as an organisation. Be more means you can do more, for yourself and for Australia.

Why RBA?

The RBA makes an important contribution to the Australian economy through the pursuit of national economic policy objectives and associated activities in financial markets and banking. We also issue Australia's banknotes and operate infrastructure critical to the payments system, all of which contribute to the welfare of the Australian people. Made up of specialists across a wide range of fields, our people, values, and culture play a critical role in achieving our objectives.

Striving to be Open & Dynamic, we consider and incorporate different perspectives, work across teams and are transparent with each other, whilst delivering quality together effectively and focusing on outcomes by prioritising, testing, learning, and refining as we go. Our people conduct themselves with a high degree of integrity, while striving for excellence in the work they perform and the outcomes they achieve. We encourage intelligent inquiry and we treat one another with respect while promoting the public interest through our efforts. We know it is the growth and success of our people that drives the RBA forward. Come and make a bigger contribution while you build and develop your own skills too, because being more means you can do more, for yourself and for Australia.

The Reserve Bank of Australia is committed to equity, diversity and inclusion through key initiatives. We welcome and encourage applicants from diverse backgrounds to apply, including Aboriginal and Torres Strait Islander peoples, culturally and linguistically diverse background, those living with a disability and from the LGBTQ+ community. We are committed to making the recruitment process fair and equitable for all our candidates.

Application Close :

.