Threat and Vulnerability Manager Wintrust Financial Corporation
Rosemont, IL

Job Description

The Threat and Vulnerability Manager will have the responsibility to execute the Wintrust Information Security Strategy for threat hunting while continuing to develop and mature the existing Vulnerability Management program. The role is a hybrid of managerial knowledge well versed in Information Security and highly technical knowledge of threats of both hardware, software, and network. The ideal candidate will have experience in maturing V.M programs and be versed in threat modeling, threat hunting, and penetration testing. This position will also be in charge of growing the team into three main groups, concentrating on Compliance testing & Vulnerability Management, Penetration testing, and Threat Management.

Area of Responsibility:

* Managing the end-to-end vulnerability lifecycle


* Developing & Deploying a threat hunting program


* Performing and reporting on vulnerability scans and other detection systems


* Maturing the team through mentorship and technical expertise


* Engaging in stakeholder management


* Working in tandem and under governance of Wintrust Information Security group


* Developing Maintenance program for Threat and V.M tools


* Developing Threat Models


* Developing Risk Taxonomy


* Deploying new tools


* Maturing current KRI's and KPI's in conjunction with responsible bodies


* Working with various groups to conduct ad hoc penetration testing and well as assist Information Security and Audit as needed in their testing


* Maintaining current knowledge and understanding of threats, emerging threats, and vulnerabilities.


* Experience building, leading and growing an Threat and Vulnerability function. Experience coaching Threat and Vulnerability Engineers to strengthen the skills and outcome/value of the team.
* Experience leading large portfolios of inter-related projects, achieving target outcomes and business value within budget and timeline.
* Broad technology expertise, across all Threat and Vulnerability disciplines. Experience across varying models, including distributed and multi-tiered application environments.
* Demonstrated experience facilitating business and IT senior leaders and executives in definition of business-driven IT roadmaps.
* Demonstrated results in delivering defined roadmaps and associated business value, realizing both business and IT goals through such investments.
* Demonstrated ability to make informed, data-driven decisions, applying appropriate decision making rigor around projects, solutions and preferred technology.
* Experience in a variety of work environments and industries, with demonstrated ability to be effective and deliver on the defined responsibilities in these varying environments. Able to quickly adapt techniques to the target environment and stakeholders. Experience in Banking/Financial environments preferred.
* Full IT development life-cycle experience and knowledge, applying varying traditional and agile methodologies.
* Strong analytical skills, with demonstrated ability to assess system and technology portfolios, recommend improvement opportunities, and align stakeholders around remediation of gaps.
* Grasp of current and emerging technologies and trends, with ability to rapidly assess and apply new and emerging technologies.
* Excellent communication skills, both written and verbal, with ability to communicate effectively at all levels of the organization.
* Demonstrated ability to build strong relationships with both business and IT stakeholders and leaders, as well as IT engineering teams.
* Knowledge of varying architecture methodologies, with demonstrated ability to select and apply the appropriate method to the problem at-hand.
* Ability to balance concurrent engagement in multiple complex initiatives.

Preferred Skills and Certifications:

* 8 years in vulnerability assessments and/or penetration testing


* 4 years combined solid experience in one of the major V.M Scanners (Qualys, Tennable, Rapid7)


* CISSP or CISSP-ISSMP


* GPEN, GCWN, GWAPT, GXPN, GDAT



Required Skills and Experience:

* 6 years in vulnerability assessments and/or penetration testing (Patching is not applicable)


* 2 years combined solid experience in one of the major V.M Scanners (Qualys, Tennable, Rapid7)


* Experience and knowledge of Metasploit, Kali Linux, and Wireshark


* Solid Knowledge of CVSS, OWASP Top 10


* Knowledge and experience of building threat models


* Knowledge and experience integrating threat feeds into various systems


* Experience with scripting with any of the following: Python, Ruby, Shell, Bash, Perl


* Ability to adapt and work collaboratively


* Comfortable with rapid changes in direction and new challenges


* Well versed in written and verbal communications at all levels



Wintrust Financial Corporation (Wintrust) is a financial services company based in Rosemont, Illinois, with approximately $30 billion in assets. We engage in the business of providing traditional community banking services, commercial banking, wealth management services, commercial insurance premium financing, life insurance premium financing, mortgage origination, short-term accounts receivable financing, and certain administrative services, such as data processing of payrolls, billing and treasury management services. We provide community-oriented, personal and commercial banking services to customers located in the greater Chicago, Illinois and southern Wisconsin areas through our 15 wholly-owned banking subsidiaries.

We provide an engaging, dynamic work environment, an excellent compensation package including 401k, employee stock purchase plan, medical/dental, life insurance and more!

Wintrust Financial Corporation, including community banking and financial services subsidiaries, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, ethnicity, gender, sexual orientation, gender identity, national origin, veteran status, or disability.