
Head of Vulnerability & Business Information Risk Management

MassMutual

Boston, MA

Overview:
We are seeking a highly skilled and strategic leader to join our organization as the Head of Vulnerability & Business Information Risk Management. In this role, you will be responsible for overseeing and enhancing our vulnerability management program and application security practices. You will lead a team of experts to identify, assess, prioritize, and mitigate vulnerabilities across our systems and applications, ensuring the integrity and security of our technology infrastructure.

Key Responsibilities

  • Leadership and Strategy:
    • Develop and execute a comprehensive vulnerability management strategy aligned with organizational goals and industry best practices.
    • Provide strategic direction and vision for application security initiatives, integrating security into the software development lifecycle (SDLC).
  • BISO and Enterprise Advisory Services:
    • Work closely with business leaders, technology leaders, and privacy professionals to ensure the organization meets current standards, complies with regulatory requirements, and addresses the future direction of the business.
  • Team Management:
    • Lead and mentor a team of vulnerability management and application security professionals, fostering a culture of excellence, innovation, and collaboration.
    • Define roles, responsibilities, and career development paths within the team to promote growth and maximize performance.
  • Vulnerability Assessment and Remediation:
    • Oversee the identification, assessment, and prioritization of vulnerabilities across infrastructure, networks, and applications.
    • Implement effective remediation strategies and controls to mitigate identified vulnerabilities promptly.
  • Application Security Governance:
    • Establish and enforce application security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry standards (e.g., OWASP).
    • Conduct regular security assessments and audits of applications to identify security gaps and recommend solutions.
    • Work with developers and architects to ensure security is appropriately built into the development cycle. Coordinate the performance of internal and external network and systems vulnerability assessments and penetration tests.
  • Collaboration and Communication:
    • Collaborate with cross-functional teams including IT operations, development, architecture, and risk management to integrate security into the overall IT strategy.
    • Communicate security risks and recommendations to senior leadership and stakeholders, advocating for necessary investments and resources.
  • Incident Response and Continuous Improvement:
    • Develop and maintain incident response plans and procedures related to vulnerabilities and application security incidents.
    • Drive continuous improvement initiatives to enhance the effectiveness and efficiency of vulnerability management and application security processes.

Required Skills and Qualifications:
    • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field; advanced degree preferred.
    • Proven experience (8+ years) in vulnerability management, application security, or related cybersecurity roles, with at least 5 years in a leadership capacity.
    • Deep technical expertise in vulnerability assessment tools, application security testing methodologies, and threat modeling.
    • Strong understanding of regulatory requirements, compliance frameworks (e.g., PCI-DSS, GDPR), and industry standards (e.g., NIST, ISO 27001).
    • Demonstrated ability to develop and execute strategic initiatives, manage budgets, and drive organizational change.
    • Excellent communication skills, with the ability to articulate complex technical concepts to non-technical stakeholders and influence decision-making at all levels.

Preferred Qualifications:
    • Industry certifications such as CISSP, CISM, CEH, or GIAC certifications (e.g., GPEN, GWAPT).
    • Experience with cloud security architecture and technologies (e.g., AWS, Azure, GCP).
    • Knowledge of DevSecOps principles and practices, including automation of security testing and monitoring.

    MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

    If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
    MassMutual will accept applications on an ongoing basis until such time as a candidate has been offered employment.

    Salary Range: $189,900.00-$249,200.00

    Client-provided location(s): Boston, MA, USA
    Job ID: MassMutual-R16460
    Employment Type: Other

    Perks and Benefits

    • Health and Wellness

      • Health Insurance
      • Dental Insurance
      • Vision Insurance
      • Life Insurance
      • Short-Term Disability
      • Long-Term Disability
      • FSA With Employer Contribution
      • HSA With Employer Contribution
    • Parental Benefits

      • Adoption Leave
      • Birth Parent or Maternity Leave
      • Non-Birth Parent or Paternity Leave
    • Work Flexibility

      • Hybrid Work Opportunities
    • Vacation and Time Off

      • Paid Vacation
      • Paid Holidays
      • Volunteer Time Off
    • Financial and Retirement

      • 401(K) With Company Matching
      • Performance Bonus
    • Professional Development

      • Professional Coaching
      • Learning and Development Stipend
      • Mentor Program