Vulnerability Management Lead

Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology and trading expertise has shaped QRT’s collaborative mindset which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors. 

Your future role within QRT
The Vulnerability Management Lead at at Qube Research & Technologies (QRT) will be responsible for leading the global vulnerability management programme, identifying, assessing, and mitigating vulnerabilities in systems, networks, and applications. This role blends technical expertise with operational management, requiring close coordination with internal stakeholders to ensure the timely and efficient remediation of vulnerabilities.

You will manage and oversee both the technical aspects of vulnerability identification and prioritisation, as well as the non-technical side involving communication, coordination with cross-functional teams to ensure timely patching and remediation, compliance and reporting. Your role will include evaluating vulnerabilities for exploitability, aligning patching schedules, overseeing, and ensuring the integrity of pre- and post-patch checks. The position reports directly to the Head of Security.

• Lead the Vulnerability Management Programme: Oversee vulnerability scanning, analysis, prioritisation, and remediation efforts, ensuring alignment with corporate security goals and compliance.
• Stakeholder Coordination: Collaborate with IT, Cloud, engineering,  business and security teams to schedule patching and remediation activities. Ensure patching causes minimal disruption to business operations.
•  Communication: Draft and send out clear communications on upcoming patching activities, vulnerability disclosures, and remediation plans. Report regularly to stakeholders on the status of vulnerability management efforts, including producing detailed management reports and metrics to track progress, highlight key issues, and ensure transparency in remediation actions.
• Pre and Post Patch Verification: Ensure all patches are properly tested before deployment and verify the success of patches post-deployment using relevant tools and methods.
• Vulnerability Assessment and Exploitability Analysis: Assess which vulnerabilities are most critical to the business, prioritising them based on potential exploitability and risk.
• Collaboration: Work with security teams globally, aligning efforts and sharing best practices to maintain a secure and resilient environment.
• Continuous Improvement: Stay updated on the latest vulnerability trends, attack vectors, and cybersecurity threats by following industry news, participating in relevant forums, and maintaining vendor relationships. Recommend and implement tools, automation, and processes to improve the efficiency and accuracy of vulnerability detection, analysis, and remediation.
• External Penetration Testing Coordination: Collaborate with external vendors to schedule and coordinate penetration testing activities. Ensure that the scope of the tests aligns with organizational security goals and regulatory requirements. Communicate test results to relevant stakeholders, including producing reports that detail findings, metrics, and recommended remediation actions. Track the resolution of identified vulnerabilities to ensure timely mitigation.
• Incident Response Support: Collaborate with the incident response team to investigate and drive remediation of vulnerabilities with stakeholders that are being actively exploited or pose significant risk to the business. Provide vulnerability data, security research and context during security incidents to support containment, remediation, and recovery efforts.
• Collaboration with Product Security Team: Work closely with the product security team to ensure vulnerabilities in internally developed applications are effectively tracked and remediated. Regularly produce reports and metrics on the status of application vulnerabilities and remediation progress, ensuring visibility across teams and stakeholders.

Your present skillset

• Minimum 5 years of experience in vulnerability management or a similar security role, with at least 2 years in a leadership capacity.

• Strong technical knowledge with hands on experience using vulnerability scanning/assessment tools.
• Familiarity with both on-premise and cloud environments (AWS, Azure) and hybrid setups.
• Ability to communicate effectively with both technical and non-technical stakeholders.
• Experience in coordinating patch management processes across a large organisation and timezones, ensuring minimal business disruption.
• Ability to evaluate vulnerabilities based on risk and exploitability, providing guidance on patching priorities.
• Strong organisational skills to manage patch schedules, stakeholder coordination, and compliance requirements.

Desirable:

• Certifications such as CISSP, CISM, or relevant security qualifications.
• Experience working in a fast-paced, globally distributed organisation.
• Familiarity with regulatory requirements and security standards (e.g., ISO 27001, NIST)QRT is an equal opportunity employer. We welcome diversity as essential to our success. QRT empowers employees to work openly and respectfully to achieve collective success. In addition to professional achievement, we are offering initiatives and programs to enable employees achieve a healthy work-life balance. 

QRT is an equal opportunity employer. We welcome diversity as essential to our success. QRT empowers employees to work openly and respectfully to achieve collective success. In addition to professional achievement, we are offering initiatives and programs to enable employees achieve a healthy work-life balance