Job Details
Contract Type: Permanent
Location: Glasgow or Alderley Park (Wilmslow)
Working Style: Hybrid - 50% from home / 50% office based
Role Overview
Reporting to the Head of Attack Surface Management, the Threat and Vulnerability Manager is accountable for defining,owningandoperatingRoyal London’s enterprise patching and vulnerability management capability. The role ensures vulnerabilities areidentified,prioritised, governed and reported in line with business risk, regulatoryexpectationsand industry best practice, supporting cyber resilience across the Group.
You will lead Royal London’s patching and vulnerability management capability, working closely with operational technology teams and ourpartner resources. Through strong collaboration, clearprioritisationand effective reporting, you will help ensure that vulnerabilities are managed transparently and treated ina timely, riskinformed way, strengthening our overall cyber resilience.
Responsibilities
* Own the enterprise patching and vulnerability management framework, standards, policies, processes, controls and operating model.
* Own the end‑to‑end vulnerability lifecycle including identification, triage, risk‑based prioritisation, remediation tracking and closure.
* Define and manage vulnerability SLAs, KPIs and KRIs aligned to asset criticality, exposure and business impact.
* Provide executive‑level reporting on vulnerability exposure, trends, insights and remediation performance.
* Oversee patching and vulnerability‑related operational controls, ensuring they are documented, tested, evidenced and continuously improved.
* Work closely with technology and service teams to ensure remediation activities are delivered in line with defined SLAs.
* Oversee third‑party providers delivering vulnerability scanning and patching services.
* Support assurance activity, control testing and risk event management related to vulnerability and patching risk.
* Continuously improve processes, controls and tooling supporting Attack Surface Management.
Qualifications
* Strong experience leading vulnerability and patch management in a complex enterprise environment.
* Deep understanding of exposure management, attack surface concepts and risk‑based vulnerability prioritisation.
* Hands‑on experience with vulnerability management tools such as Tenable One.
* Good understanding of operating systems, infrastructure, applications and how vulnerabilities manifest across different asset types.
* Experience defining control frameworks, SLAs and executive reporting.
* Experience working in regulated environments; financial services desirable.
* Comfortable engaging with and influencing senior stakeholders, translating technical findings into clear business risk insights.
* Experience managing third‑party or outsourced service providers.
* Knowledge of cyber security frameworks, standards and good practice, with a continuous improvement mentality.
* Relevant security qualifications (CISSP, CISM or equivalent) beneficial but not essential.
About Royal London
We’re the UK’s largest mutual life, pensions and investment company, offering protection, long‑term savings and asset management products and services.
Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values; Empowered, Trustworthy, Collaborate, Achieve.
We’ve always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance.
Inclusion, Diversity and Belonging
We’re an inclusive employer. We celebrate and value different backgrounds and cultures across Royal London. Our diverse people and perspectives give us a range of skills which are recognised and respected – whatever their background.
#J-18808-Ljbffr