hackajob is partnering with Kingfisher to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
Threat & Vulnerability Manager
Key Accountabilities / Responsibilities:
Management of Kingfisher’s global vulnerability posture, from identification through to remediation.
In conjunction with our security architects, has product ownership for Kingfisher’s vulnerability management tooling.
Improving Kingfisher’s global security posture through driving successful remediation efforts with internal and external teams responsible for infrastructure and applications.
Producing monthly metrics and KPIs evidencing analysis of vulnerability risk and remediation progress.
Chairing Vulnerability Management forums.
Providing leadership and direction to the global Kingfisher community on all aspects of vulnerability management across user endpoints, servers, networks and applications, on-premise and multi-cloud environments.
Driving and supporting threat modelling to anticipate and mitigate potential threats to Kingfisher systems.
As a subject matter expert, proactively identifying and driving technical, process or organisational improvements to Kingfisher’s global vulnerability management capability, i.e. scopes, prioritises and leads service improvement initiatives for vulnerability management platforms and management processes.
Responsible for assurance of all BAU vulnerability management processes managed by Kingfisher Security Operations or by our nominated MSSPs.
Identifying new and emerging threats and vulnerabilities relative to the Kingfisher environment, and for coordinating response actions relative to the urgency of the threat.
Vulnerability Identification:
Utilise enterprise vulnerability management tools to constantly assess and inform understanding of Kingfisher’s global vulnerability risk.
Ensure alignment between Vulnerability and Asset Management (e.g. timely identification of new application or infrastructure assets).
Monitor vendor updates, blogs, commercial and OSINT feeds for new and
Required Skills & Experience:
Proven experience working in an enterprise-wide vulnerability management position, in a complex, global environment.
Professional certification such as CISSP, CCSP or other technical security credentials.
Depth of knowledge in recognised international security standards.
Working knowledge of compliance requirements for GDPR, PCI DSS and the UK Data Protection Act.
Knowledge of threat modelling practices across Infrastructure, Networking, Application, AI & Cloud technologies (e.g. STRIDE, PASTA, MAESTRO, MITRE ATLAS).
Working knowledge of public/private cloud technologies and providers.
Strong knowledge of networking fundamentals and policy-driven controls.
Good systems administration knowledge of Windows, Linux and networking platforms.
Good understanding of Web Application Security frameworks, common vulnerabilities and associated remediations.