Associate Director Info Security

The Threat & Vulnerability Team Manager will be leading critical support for the Information Security’s vulnerability management program (VM) for both the on-prem & cloud environments managed by One Main Financial (OMF). They will help create a robust proactive approach for preventing unauthorized access, changes, or exploitation of vulnerabilities through mitigation, active defenses, and automated responses. The VM team’s portfolio of activities includes providing vulnerability detection and remediation oversight, vulnerability research, secure baseline compliance, web application security, host-based security, network security, and acting as security subject matter experts for all the organization.

Required TVM Technical Competencies

• Extensive knowledge and hands-on experience with a variety of Vulnerability Management Tools such as Tenable, DB Protect, Netsparker, Qualys, etc.
• Expert knowledge of the Vulnerability Management lifecycle
• Proven track record of designing, implementing, and managing a successful Threat & Vulnerability Management Program
• Strong knowledge of networking, operating systems, databases, and web applications
• Strong knowledge of cybersecurity operations (Cyber Threat Intelligence, Penetration testing, & Incident Response)
• Deep knowledge and experience of performing both manual and automated asset discovery and enumeration
• Deep knowledge and experience of systematic and data-driven asset prioritization
• Expert knowledge and successful application of risk management frameworks
• Required TVM Management Competencies
• Track record of leading enterprise-level vulnerability management teams with a history of increasing responsibility
• Expert project management skills
• Ability to explain vulnerability management concepts to a wide range of audiences verbally and in writing
• Expertise in developing and improving vulnerability management operations and processes
• Strong interpersonal skills and the ability to collaborate with a variety of stakeholders to ensure vulnerability management compliance
• Expert problem solving and critical thinking skills
• Proactive disposition and ability to execute on leadership vision with minimal oversight

Additional Responsibilities

• Perform Project/Team Management activities, including assigning tasks, 1-1 coaching, upskilling junior team members, performance evaluations, etc.
• Lead the redesign, build and day-to-day operations of the vulnerability management (VM) team to include standardization of processes and managing customer expectations.
• Effectively manage a team of vulnerability management professionals who are focused on proactively preventing the exploitation of IT vulnerabilities that exist across the OMF environments.
• Successfully assign and complete VM projects, tasks, and\or initiatives on time and to vulnerability management standards.
• Track all team projects, tasks, and/or initiatives in a centralized location (e.g., Microsoft Lists, Jira, etc.) and provide a reportable schedule.
• Drive actionable metrics which help ensure the team reduce the time and resources needed to detect, investigate, analyze and remediate vulnerabilities.
• Manage performance of risk‐based assessments of current and emerging information security issues to support the mission by prioritizing remediation efforts.
• Proactively delegate support of regular vulnerability, compliance/configuration, database, and web application scanning.
• Apply effective problem solving and critical thinking skills to evaluate applicable solutions, conduct pilot/evaluations for proof of concepts and ultimately implement better mitigating controls.
• Research current and emerging information security exploits, threats, and vulnerabilities and disseminate contextual information to appropriate stakeholders.
• Facilitate exception handling, waiver processing and escalations as needed.
• Maintain regular communication with security leaderships on process optimization, tools tuning and resetting of VM priorities as business needs prudently recommend.

Minimum Qualifications

• Bachelor's degree and 8+ years of related work experience; or a graduate degree and approximately 7-8 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major
• A minimum of 6+ years of professional work experience in cybersecurity with at least 5 years in Vulnerability Management.
• 3 or more years managing\supervising a team of vulnerability management professionals.
• Knowledge of general security concepts and methods such as vulnerability assessments, data classification, privacy assessments, incident response, security policy creation, enterprise security strategies, architectures, and governance.
• Experience in process definition, workflow design and process mapping
• Excellent interpersonal, written/verbal communication and leadership skills with the ability to make recommendations to all levels of the organization.

OneMain Holdings, Inc. is an Equal Employment Opportunity (EEO) employer. Qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship status, color, creed, culture, disability, ethnicity, gender, gender identity or expression, genetic information or history, marital status, military status, national origin, nationality, pregnancy, race, religion, sex, sexual orientation, socioeconomic status, transgender or on any other basis protected by law.