Threat and Vulnerability Manager

Reposted 10 Days Ago
Salford, Manchester, Lancashire, England
In-Office
Senior level
Information Technology • Software
The Role
Lead the Threat & Vulnerability Management function, ensuring adherence to security standards and driving risk reduction strategies across cloud and on-prem environments.

We are PXC, the UK’s largest provider of wholesale connectivity. Our vision is to be the UK’s #1 wholesale platform, a one-stop shop provider of connectivity, voice, cloud and security underpinned by the UK’s most robust, secure, resilient and reliable network.

Born from the combination of Virtual1 and TalkTalk’s wholesale services and national network business, we operate across our 3 core sites (Salford, London and Skopje, North Macedonia).

Our mission is clear: to be the UK’s best company to work for and best to work with. We believe this success is driven by the power of our employees. We empower our people to become true experts in their field who embody our values every day: we care; we challenge; we commit.

About The Team

You will be part of an efficacious Security Risk Management team that exists in a strong and mature Security function within PXC’s Technology and Security Business Unit. 

Reporting directly into the Head of Security Risk Management, you will be responsible for vulnerability management of PXC and our partners’ application, on-prem and cloud infrastructure.

About Your Role

You will lead the enterprise Threat & Vulnerability Management (TVM) function—strategy, operations, and governance—across on‑prem and cloud environments.

You will own the end‑to‑end cycle (identify → assess → remediate → verify → report), drive timely risk reduction with technology teams, and ensure adherence to our security standards and regulatory obligations (ISO/IEC 27001:2022, PCI DSS, Cyber Essentials, TSA).

Key Responsibilities

  • Define and evolve the TVM strategy, roadmap, and operating model covering infrastructure, applications, endpoints, and cloud services; embed policy/standard requirements into day‑to‑day engineering practice.

  • Chair / contribute to the Vulnerability Management Steering Committee and related governance forums; drive decisions, unblock remediation, and agree risk treatments or exceptions.

  • Maintain and enforce the Vulnerability Management Security Standard and related procedures, ensuring clarity of roles (Asset Owners, TVM team, Security Risk Managers) and handoffs to Patch, Change, and Incident functions.

  • Oversee asset‑appropriate discovery and scanning schedules (cloud, container, server, network, endpoint, web/app) and verify coverage and scan health.

  • Lead triage and risk assessment using business context, exploitability, and threat intelligence to prioritise remediation.

  • Orchestrate remediation with platform and application owners.

  • Drive Patch Management integration (assessment → deployment → validation), ensuring platform teams meet timelines per severity and service criticality.

  • Ensure compliance with control objectives mapped in our standard (e.g., ISO/IEC 27001:2022, PCI DSS, TSA, Cyber Essentials).

  • Prepare evidence for audits, customer assurance, and regulatory inquiries; produce management reports for senior stakeholders demonstrating posture and risk trending.

  • Own the TVM tooling estate and integrations (ITSM, CMDB, CI/CD, cloud security, dashboards); champion automation for noise reduction, dedupe, and exception governance.

What Will Make You Successful in this Role

Essential:

  • Demonstrable leadership of an enterprise TVM programme across hybrid (on‑prem & cloud) estates, partnering cross‑functionally to land remediation at scale.

  • Deep understanding of vulnerability lifecycle, risk assessment, exploitability, patch orchestration, and asset lifecycle management.

  • Strong grasp of relevant standards/regulations (ISO/IEC 27001:2022, PCI DSS, Cyber Essentials, TSA) and how to evidence compliance.

  • Expertise in stakeholder management, influencing, and conflict resolution at senior levels.

  • Ability to design metrics and executive‑ready reporting; comfortable presenting at SteerCos and risk forums.

Desirable:

  • Experience integrating TVM into DevOps/CI‑CD and cloud‑native platforms.

  • Familiarity with risk methodologies and governance tooling (e.g., ITSM, CMDB, GRC).

  • Relevant certifications (e.g., CISSP, CISM, GIAC, AZ‑500, CSSLP).

How we look after our employees

  • Our brand new “PXC Flex” benefit launched in January 2025, which includes Flex30, an additional 30 hours* of leave every year for you to use how you wish

  • Our hybrid working policy offers you flexibility to work from home as well as connecting with your colleagues in one of our accessible and collaborative office spaces

  • A starting holiday allowance of 25 days* holiday and up to 10 extra days* leave via our holiday purchase scheme

  • Free private healthcare for all employees, competitive pension scheme and the opportunity to earn a bonus

  • Free broadband for all employees plus gifts for major life events such as marriages and births

  • Flexible salary sacrifice scheme including dental, gym plus a huge range of shopping and leisure discounts so you can save even more cash

  • A range of inclusive employee networks to help integrate employees into life at PXC
     

(* Days and hours are based on a full-time employee’s working pattern and leave is pro-rated for part-time employees)

At PXC, we know that diversity means success and innovation. We want our workplace to reflect the communities and customers we serve. Being inclusive is part of our DNA; we are all 100% human, and we create a culture where you can truly be yourself.

 

We’re also not your usual 9-5. We are a dynamic workplace and we want to talk to you about how you like to work.

Top Skills

CI/CD
CMDB
Cyber Essentials
ISO/IEC 27001:2022
ITSM
PCI DSS
TSA

The Company
HQ: Manchester
625 Employees

What We Do

PlatformX Communications (PXC) is the UK’s leading wholesale provider of innovative solutions for connectivity, voice, cloud and security, underpinned by the UK’s most robust, secure, resilient and reliable network.

Born from the combination of Virtual1 and TalkTalk’s wholesale services and national network business, PXC's deep understanding of the wholesale market means we know the right kind of support to offer both businesses and customers alike, and we're ready to take your business to the next level.

Fewer barriers. Faster growth. More possibilities.
