Manage and oversee the vulnerability management lifecycle, including intake, validation, prioritisation, tracking, and reporting of vulnerabilities.
Act as the primary liaison with external security vendors performing VA, PT, NVA, and HCS activities.
Review and validate assessment results to ensure accuracy, completeness, and relevance before dissemination.
Coordinate with internal application, infrastructure, and platform teams to drive remediation efforts, ensuring issues are addressed within defined timelines.
Track remediation progress, perform follow-ups, and escalate overdue items to ensure accountability and closure.
Ensure the quality and consistency of vulnerability findings, including proper severity classification using industry standards such as CVSS.
Maintain centralised tracking through the Vulnerability Management System (VMS), ensuring data integrity and audit readiness.
Provide regular reporting and metrics on vulnerability status, trends, risk exposure, and remediation performance to management and stakeholders.
Work with system owners to implement risk treatment plans, including remediation, mitigation, or risk acceptance where appropriate.
Support internal and external audits by providing evidence and documentation related to vulnerability management activities.
Continuously improve processes, workflows, and automation within the VMS to enhance efficiency and visibility.
Ensure all activities comply with regulatory frameworks including MAS TRM, Cyber Hygiene Notice, Cybersecurity Act, and CCoP.
Requirements:
Education and Experience
Degree or Diploma in Computer Science, Computer Engineering, or Information Security related fields.
At least 5 years of experience in vulnerability management, security assessment, or SOC operations.
Hands-on experience managing third-party security testing (VA/PT) engagements is preferred.
Skills and Knowledge
Strong understanding of vulnerability management practices, including scanning, prioritisation, and remediation tracking.
Familiarity with VA, PT, NVA, and HCS methodologies and tools.
Good knowledge of CVSS scoring, OWASP Top 10, and common security vulnerabilities.
Experience working with Vulnerability Management platforms (e.g. Tenable, Qualys, or similar).
Strong stakeholder management skills with the ability to follow through on remediation across multiple teams.
Familiarity with MAS Technology Risk Management Guidelines, Cyber Hygiene Notice, and Cybersecurity Code of Practice.
Ability to analyse technical findings and translate them into clear, actionable recommendations.
Strong organisational and tracking skills with attention to detail.
Professional Certifications
Relevant industry certifications (e.g. CISSP, CEH, GPEN, GSEC) are advantageous.
