Vulnerability Management Lead

Datavant is a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. We are a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. Datavant has a network of networks consisting of thousands of organizations, more than 70,000 hospitals and clinics, 70% of the 100 largest health systems, and an ecosystem of 500+ real-world data partners.

By joining Datavant today, you’re stepping onto a highly collaborative, remote-first team that is passionate about creating transformative change in healthcare. We hire for three traits: we want people who are smart, nice, and get things done. We invest in our people and believe in hiring for high-potential and humble individuals who can rapidly grow their responsibilities as the company scales. Datavant is a distributed, remote-first team, and we empower Datavanters to shape their working environment in a way that suits their needs.

The Vulnerability Management Lead/Manager holds a pivotal role in safeguarding our organization's technology assets by overseeing the development and implementation of a comprehensive Vulnerability Management program. This program aims to identify, assess, and rectify vulnerabilities in both production and enterprise assets, ensuring the organization's security posture remains robust. The ideal candidate will possess a combination of technical expertise, leadership abilities, a deep comprehension of vulnerability management best practices and a desire to work smart and hard.

You will:

• Build and maintain a comprehensive vulnerability management program aligned with industry standards and best practices. Procure, implement and manage the platforms/tools necessary to achieve this goal.
• Develop and maintain policy, guidelines and procedures for team internal, asset owners and partner teams. 
• Collaborate cross-functionally with teams including IT/Enterprise, Security/Compliance, Engineering/Production and Leadership, ensuring vulnerabilities are addressed expeditiously and effectively.
• Aggregate vulnerability assessment results from partner teams, utilizing a combination of automated tools and manual reviews to identify potential weaknesses in systems, networks, and applications.
• Prioritize vulnerabilities based on severity, risk level, and potential impact on the organization's operations and reputation.
• Facilitate remediation plans for identified vulnerabilities, collaborating with asset owning teams to ensure timely resolution.
• Monitor and track the progress of vulnerability remediation efforts, providing regular reports to management on the overall effectiveness of the program.
• [Manage] and lead a team of vulnerability management professionals, fostering a culture of continuous improvement and knowledge sharing.
• Stay abreast of emerging threats, vulnerabilities, and mitigation techniques through ongoing research and professional development.

What you will bring to the table:

• Bachelor's degree in computer science, information technology, or a related field.
• Five or more years of hands-on experience in vulnerability management in both production and enterprise asset environments.
• [Manager]Demonstrated ability to lead and manage a team of security professionals, driving collaboration and achieving results.
• Excellent communication and interpersonal skills to engage effectively with stakeholders at all levels of the organization.
• Strong analytical and problem-solving abilities to identify and resolve complex vulnerability issues.
• Familiarity with industry-standard vulnerability management tools and technologies, including vulnerability scanners, threat intelligence platforms, and patch management systems.
• Understanding of relevant industry standards and regulations, such as PCI DSS, ISO 27001, NIST Cybersecurity Framework, HITRUST, FEDRAMP and HIPAA. 

Bonus points if:

• Experience with security risk assessment and management, including threat modeling and risk analysis.
• Familiarity with incident response and disaster recovery procedures.
• Knowledge of cloud security and DevSecOps practices, including secure software development methodologies and cloud security controls.
• Certifications in vulnerability management or information security, such as CISSP, CISM, or OSCP.
• Preferred experience with AWS, Azure, Crowdstrike, Tenable, SonarCube, Wiz

We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

Our compensation philosophy is to be externally competitive, internally fair, and not win or lose on compensation. Salary ranges for this position are developed with the support of benchmarks and industry best practices. 

We’re building a high-growth, high-autonomy culture. We rely less on job titles and more on cultivating an environment where anyone can contribute, the best ideas win, and personal growth is driven by expanding impact. The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job. The estimated salary range for this role is $144,500 - $190,000.

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your responses will be anonymous and used to help us identify areas of improvement in our recruitment process. (We can only see aggregate responses, not individual responses. In fact, we aren’t even able to see if you’ve responded or not.) Responding is your choice and it will not be used in any way in our hiring process.