
Threat and Vulnerability Program Manager

Georgetown University
Posted a month ago, valid for 17 days
Location

Lexington, MA 02421, US

Salary

$85,000 - $102,000 per year

Contract type

Full Time

Life Insurance
Disability Insurance
Tuition Reimbursement
Employee Discounts

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.


Sonic Summary

  • Georgetown University is seeking a Threat and Vulnerability Program Manager to lead its enterprise-wide cyber threat and vulnerability management program.
  • Candidates should have 10 years of cybersecurity experience, including 3 to 5 years specifically in vulnerability management, and a bachelor's degree in a related field.
  • The role involves managing vulnerabilities across cloud and on-premises environments, collaborating with various teams to mitigate risks, and ensuring alignment with the university's cybersecurity strategy.
  • The salary for this position ranges from $80,429.00 to $157,238.93, depending on qualifications and experience.
  • This position is designated as remote, allowing for flexibility in work location.

Georgetown University comprises two unique campuses in the nation’s capital. With the Hilltop Campus located in the heart of the historic Georgetown neighborhood, and the Capitol Campus, just minutes from the U.S. Capitol and U.S. Supreme Court, Georgetown University offers rigorous academic programs, a global perspective, and unparalleled opportunities to engage with Washington, D.C. Our community is a close-knit group of remarkable individuals driven by intellectual inquiry, a commitment to social justice, and a shared dedication to making a difference in the world.

Requirements

Job Overview

The Threat and Vulnerability Program Manager is a key role within the University Information Security Officer (UISO). This role leads and matures Georgetown’s enterprise-wide cyber threat and vulnerability management program, covering cloud, on-premises infrastructure, and application environments. The manager is responsible for directing the identification, classification, reporting, and remediation of external and internal cyber threats and vulnerabilities, ensuring alignment with GU’s broader cybersecurity strategy.

This position requires deep collaboration across cloud engineering, IT infrastructure, application development, and third-party service providers to effectively reduce the organization’s risk exposure. The manager will work closely with UISO, Network Operations, Server Operations, Endpoint Management, and business unit leaders to ensure strategic and tactical vulnerability risk mitigation efforts align with enterprise goals.

VULNERABILITY OVERSIGHT

  • Lead GU’s program for managing vulnerabilities across on-prem infrastructure, cloud, and applications, guiding the process from finding vulnerabilities to mitigating risk.

  • Manage GU’s vulnerability scanners and MSSP to make sure scans are thorough and results are prioritized by risk; assist and direct the process of resolving vulnerabilities and report on the status; and verify that the actions taken to fix them are working.

  • Analyze security findings to evaluate the effectiveness of existing security measures and recommend improvements.

  • Drive vulnerability remediation with asset owners in line with established risk mitigation SLAs.

  • Incorporate vulnerability risk into the broader GU risk oversight framework, continuously evaluating the risk associated with the state of remediation SLA compliance.

  • Oversee vulnerability scanning activities across the enterprise, including automated, authenticated, and manual assessments.

  • Define and apply risk-based classification standards for vulnerabilities using CVSS and contextual asset/business impact.

  • Maintain dashboards and reporting for vulnerability risk metrics.

  • Establish SLAs for remediation, drive accountability, and verify remediation effectiveness.

  • Integrate vulnerability management into broader risk oversight and UISO governance.

  • Collaborate with DevSecOps, product engineering, and infrastructure teams to embed remediation into operational workflows.

  • Provide briefings on vulnerability analysis/findings.

Duties include but are not limited to:

  • Drive necessary security changes through steering groups and control (review) boards to meet Risk Management milestones.

  • Develop risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals, and business processes.

  • Evaluate security solutions and implementation strategies for Program IT systems and services and maintain operational security posture of development, integration, and deployed capabilities.

  • Stay up to date on the latest security threats, vulnerabilities, and industry best practices to enhance our security framework.

Work Interactions

The Threat and Vulnerability Program Manager will report directly to the Director of Cybersecurity Risk Management. They will work closely with the CISO and external partners, vendors, and federal agencies. Interaction and coordination with various teams across the university will be required.

 

Requirements and Qualifications

  • 10 years of cybersecurity experience, with 3 to 5 years in vulnerability management

  • Strong expertise across cloud (AWS, Azure, GCP), on-premise, and application environments

  • Experience with tools such as Tenable and native cloud scanning technologies

  • Strong knowledge of risk frameworks (e.g., NIST, ISO, CVSS)

  • Bachelor’s degree in Computer Science, Engineering, Cyber Security, or related experience

  • Excellent analytical, communication, and stakeholder engagement skills

  • Bachelor’s degree in related field, such as Business, IT, Computer Science or related experience

  • Knowledge of IP network infrastructure (firewalls, intrusion detection/prevention), access control, data encryption, and on-prem and cloud security

  • Excellent communication skills, including the ability to communicate effectively in English, both written and verbal

  • Ability to present complex topics in clear, non-technical language

  • Ability to work collaboratively within a team and across business and technology functions

  • Detail-oriented individual with critical thinking, analytical, and problem-solving skills

  • Demonstrated ability to be proactive and take ownership of and solve problems

  • Ability to handle multiple assignments concurrently within an iterative environment

  • Deep capability in applying risk principles to the business environment. Ability to clearly articulate risk concepts and results to business leaders and navigate collaborative and informed decision making.

  • Can effectively connect with both technical and non-technical staff. Ability to translate sophisticated technical concepts into plain English and present them in a way that decision-makers can understand.

  • Positive influencing skills both verbally and through the preparation of written materials in order to build relationships, influence and negotiate.

  • Strong project management and delegation skills in prioritizing and reprioritizing projects of various size and complexity across multiple functional groups and departments.

 

Preferred Requirements and Qualifications

  • One or more certifications such as CISSP, CRISC, CISA, or CompTIA CySA+

  • 5+ years of prior experience in a related field (media, entertainment, business development or streaming services industry experience a plus)

  • Familiarity with streaming and similar products/services

  • Experience working in a national, global company, Federal agency, or a major university

  • Proficiency in vulnerability scanning tools and understanding of common vulnerabilities

Work Mode Designation

This position has been designated as Remote. Please note that work mode designations are regularly reviewed in order to meet the evolving needs of the University.  Such review may necessitate a change to a position’s mode of work designation. Complete details about Georgetown University’s mode of work designations for staff positions can be found on the Department of Human Resources website: https://hr.georgetown.edu/mode-of-work-designation.

Pay Range:

The projected salary or hourly pay range for this position, which represents the full range of anticipated compensation, is:

$80,429.00 - $157,238.93

Compensation is determined by a number of factors including, but not limited to, the candidate’s individual qualifications, experience, education, skills, and certifications, as well as the University’s business needs and external factors.

Current Georgetown Employees:

If you currently work at Georgetown University, please exit this website and login to GMS (gms.georgetown.edu) using your Net ID and password. Then select the Career worklet on your GMS Home dashboard to view Jobs at Georgetown.

Submission Guidelines:

Please note that in order to be considered an applicant for any position at Georgetown University you must submit a resume for each position of interest for which you believe you are qualified. Documents are not kept on file for future positions.

Need Assistance:

If you are a qualified individual with a disability and need a reasonable accommodation for any part of the application and hiring process, please click here for more information, or contact the Office of Institutional Diversity, Equity, and Affirmative Action (IDEAA) at 202-687-4798 or ideaa@georgetown.edu.

Need some assistance with the application process? Please call 202-687-2500. For more information about the suite of benefits, professional development and community involvement opportunities that make up Georgetown's commitment to its employees, please visit the Georgetown Works website.

EEO Statement:

GU is an Equal Opportunity Employer. All qualified applicants are encouraged to apply, and will receive consideration for employment without regard to age, citizenship, color, disability, family responsibilities, gender identity and expression, genetic information, marital status, matriculation, national origin, race, religion, personal appearance, political affiliation, sex, sexual orientation, veteran status, or any other characteristic protected by law.

Benefits:

Georgetown University offers a comprehensive and competitive benefit package that includes medical, dental, vision, disability and life insurance, retirement savings, tuition assistance, work-life balance benefits, employee discounts and an array of voluntary insurance options. You can learn more about benefits and eligibility on the Department of Human Resources website.



