Vulnerability Management Lead (Remote – UK) Location: Remote (monthly team meet-ups in our London office) Team: Cyber Services
We're looking for an experienced Vulnerability Management Lead to own and evolve our end-to-end vulnerability management programme. This is a high-impact role where you'll work across technology teams and business units to reduce risk, improve maturity, and deliver clear, actionable insight to senior stakeholders.
The Role You'll be responsible for the full vulnerability lifecycle — from discovery and prioritisation through remediation and executive reporting. Leading a team of skilled vulnerability analysts and technical specialists, you'll collaborate closely with resolver groups, audit teams, and maturity programmes to continuously strengthen our security posture.
Although the role is fully remote, the team comes together monthly in our London office to collaborate and connect.
What You'll Do Strategy & Governance
Define and own the vulnerability management strategy, policies, SLAs, and operating rhythm.
Manage and mature the exemptions process in line with industry best practice.
Continuously raise the maturity of the programme, ensuring the right information reaches the right teams at the right time.
Risk Identification & Prioritisation
Own the vulnerability lifecycle from discovery through remediation to executive reporting.
Prioritise vulnerabilities based on risk, exposure context, asset criticality, and business impact.
Partner with threat intelligence teams to enrich CVEs and improve risk-based decision-making.
Perform root cause analysis on recurring vulnerabilities and systemic issues, driving long-term remediation.
Leadership & Collaboration
Lead and develop a team of experienced vulnerability analysts and technical specialists.
Work closely with technology teams, business units, audit, and resolver groups to reduce organisational risk.
Influence stakeholders and push boundaries to continuously improve capability and outcomes.
What You'll Bring Experience & Technical Skills
Proven experience delivering vulnerability management in complex, regulated, or enterprise-scale environments.
Hands-on experience with vulnerability management tools such as Tenable One, AWS Inspector, and ServiceNow VR .
Strong technical knowledge across security domains including IAM, network security, cloud controls, application security, and monitoring .
Deep understanding of vulnerability management disciplines, including attack surface management, CIS benchmarks, exposure management, and risk-based prioritisation .
Experience designing, implementing, and maturing vulnerability management programmes.
Knowledge & Mindset
Familiarity with security frameworks such as NIST CSF, ISO 27001, and OWASP .
Understanding of regulatory and compliance requirements, including GDPR, NIS2, CE+, and ONR .
A continuous improvement mindset, with a passion for learning and strengthening security posture.
For full details please contact Tim Philpotts at Morson
TPBN1_UKTJ