The organisation is the IT operator for a large francophone public sector, responsible for infrastructure, applications and cybersecurity across multiple government administrations. This Vulnerability Manager role exists to professionalise vulnerability management using ServiceNow Vulnerability Response and integrated scanners such as Rapid7, focusing on Linux, Windows, middleware and network components.
The mission
The programme aims to improve the organisation's vulnerability posture at scale, centralising detection and remediation reporting in ServiceNow. The current landscape includes multiple scanner feeds, a CMDB maintained under ITIL practices, and a remediation ecosystem spanning server teams, middleware owners and application teams; the work matters because it reduces exposure across hundreds of production systems and supports NIS2 compliance activities.
Day to day you will lead the cross-team governance of vulnerability handling, run the ServiceNow Vulnerability Response instance as the single source of truth, and produce consolidated dashboards for management. You will coordinate work between Linux and Windows operations, middleware and database teams, vulnerability analysts and change managers, act as the escalation point for blocked remediations, and propose process improvements to reduce noise and repeat findings.
Your responsibilities
- Drive measurable reduction of critical vulnerabilities by defining remediation priorities, tracking remediation SLAs and escalating blockers to managers.
- Lead the configuration and data quality of ServiceNow Vulnerability Response, ensuring scanner results (for example from Rapid7) map correctly to assets and tickets.
- Produce and deliver regular management reporting and dashboards that show exposure trends, exception justifications and remediation performance.
- Coordinate cross-team remediation workflows, clarifying responsibilities between server, middleware and application owners and the security team.
- Analyse recurring detection noise and propose process changes to reduce false positives, unnecessary exceptions and orphaned components.
- Recommend and document governance, roles and procedures to stabilise the vulnerability management lifecycle.
Your profile
Essential skills
- Proven experience managing vulnerability programmes in a complex, multi-team environment, covering Linux, Windows and middleware components.
- Practical knowledge of Vulnerability Management and Vulnerability Response processes, able to formalise SLAs, exception rules and escalation paths.
- Hands-on experience with ServiceNow as a remediation and tracking platform, including building reports and dashboards.
- Ability to interpret scanner output (e.g. Rapid7) and improve data quality between scanners and ServiceNow.
- Strong stakeholder coordination and clear managerial reporting skills, able to influence technical teams and ITIL owners.
Preferred skills
- Direct experience with ServiceNow Vulnerability Response configuration and integrations.
- Familiarity with Rapid7 integrations, CMDB reconciliation and basic NIS2 requirements.
Education
- Degree in IT, cybersecurity or equivalent professional experience.