Davidson, NC, 28035, USA
28 days ago
Senior Manager, Vulnerability Management
At Trane Technologies™ and through our businesses including Trane® and Thermo King®, we create innovative climate solutions for buildings, homes, and transportation that challenge what’s possible for a sustainable world. We're a team that dares to look at the world's challenges and see impactful possibilities. We believe in a better future when we uplift others and enable our people to thrive at work and at home. We boldly go.

**What’s in it for you:**

**Be a part of our mission!** As a world leader in creating comfortable, sustainable, and efficient environments, it’s our responsibility to put the planet first. For us at Trane Technologies, sustainability is not just how we do business—it is our business. Do you dare to look at the world's challenges and see impactful possibilities? Do you want to contribute to making a better future? If the answer is yes, we invite you to consider joining us in boldly challenging what’s possible for a sustainable world.

As part of the Digital Risk Security Operations team, the Senior Manager, Vulnerability Management will play an integral role in overseeing and managing our vulnerability management, application security, and external attack surface programs, as well as providing thought leadership on securing the company against current and emerging threats within our attack surface. The ideal candidate for this role is able to provide leadership and mentoring to the team while also being able to direct triage and response to critical vulnerabilities and oversee the strategic direction of the program. They also have both technical expertise and experience, as well as communication and leadership skills to influence and seamlessly collaborate across multiple stakeholder groups. This role reports to the Director of Security Operations.

**Thrive at work and at home:**

+ **Benefits** kick in on **DAY ONE** for you and your family, including health insurance, parental leave, fertility benefits and adoption assistance.
+ Significant opportunities for you in our **wellness program** such as fitness reimbursement, HSA contributions and back-up care for aging parents and children.
+ 6% **401K** match, additional 2% core contribution = **8%** overall match
+ **Vacation**, plus site paid **holidays** and **volunteer** days.
+ Educational and training opportunities through company programs along with tuition **advancement**, tuition **reimbursement** and tuition **assistance** programs.
+ Learn more about our benefits here (https://careers.tranetechnologies.com/global/en/benefits)!

**Where is the work:**

This is a Remote position. Work will be performed within the Eastern Time Zone (EST).

**What you will do:**

+ Oversee, mature, and provide strategic direction for the vulnerability management program.
+ Direct and/or perform on-going vulnerability assessments, penetration tests, and application and network security scans.
+ Communicate vulnerability results in a manner understood by technical and non-technical business units, based on risk tolerance and threat to the business, and gain support through influential messaging.
+ Drive remediation of vulnerabilities, while collaborating with and assisting system owners with prioritization and providing guidance on adequate remediation/risk reduction actions.
+ Work closely with developers on remediation of application vulnerabilities.
+ Track and report on critical vulnerability status and impact, including triage, remediation, documentation, and escalation.
+ Maintain and regularly update documentation of the company’s external attack surface.
+ Monitor the company’s attack surface and external threat intelligence for applicable critical/zero day vulnerabilities, and triage through process as appropriate.
+ Serve as a subject matter expert on emerging threats and vulnerabilities.
+ Maintain governance over documentation, including management and updates of relevant policies, procedures, standards, and similar, making updates to stay aligned with evolving requirements and threats.
+ Report metrics and scorecards to measure effectiveness and efficiency of vulnerability management program.
+ Mentor, coach, and develop key talent within the team.
+ Assist with management of departmental budget and vendor relationships, including conducting quarterly business reviews, capturing metrics, and reporting on KPIs to drive program improvements.
+ Serve as a key cybersecurity SME to advise other IT and cybersecurity team members; as well as our third parties, key partners, and acquired entities.
+ Work closely with the Director, Security Operations, on strategic direction and continuous improvement of the function, including capability and maturity assessments and long-range planning, as well as evaluation of current and future-state toolsets and partnerships.

**What you will bring:**

+ Bachelor’s degree in a related field and/or a minimum of 7-10 years of equivalent experience in cybersecurity
+ At least 3 years in vulnerability management, penetration testing, or other related expertise.
+ Solid technical understanding of cybersecurity concepts, frameworks, standards, guidelines, and principles.
+ Ability to handle time-sensitive situations with a calm and serious attitude while maintaining an appropriate sense of urgency.
+ Ability to keep abreast of current vulnerabilities and communicate impact, assist with prioritization, and drive appropriate remediation actions to stakeholders.
+ Ability to communicate and present at various levels of technical detail depending on audience, ranging from cybersecurity deep dives to non-technical stakeholders.
+ Effective project management and organizational skills, including managing multiple, concurrent tasks and meeting deadlines.
+ Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority.
+ Demonstrated leadership skills with ability to communicate effectively and work independently, both as part of and leading a team.
+ Strong preference for candidates who have at least one of the following: CISSP, SANS, CISA, CISM, or equivalent/similar cybersecurity certifications.
+ Travel: 5-10%.

**Compensation:**

Base Salary: $160,000 - $220,000

Additional Compensation: Total compensation for this role also will include an incentive plan.

Disclaimer: This "range" could be a result of seniority, merit, geographic location where the work is performed, education, experience, travel requirements for the job, or because of a system the employer uses to measure earnings by quantity or quality of production (so, for example, positions that may not have traditional salary ranges).

We offer competitive compensation and comprehensive benefits and programs. We are an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.