Security Vulnerability Lead

Job Title: Security Vulnerability Lead

Location: Hybrid London or Newcastle, UK

DXC’s Insurance Software and BPS business provides a range of software and services to the global insurance market including life, wealth, health, commercial and speciality, property and casualty, and reinsurance. DXC is also a key partner of the London Market, providing digital transformation and outsourcing services.

DXC’s insurance business has 13,000 domain experts serving 2,000 insurance customers operating in over 100 countries worldwide.

Role Overview

This is a dedicated account-level role responsible for leading vulnerability management across both heritage and digital IT estates within the London Markets account. The successful candidate will be tasked with rebuilding the vulnerability management program from the ground up, ensuring robust coverage, effective remediation coordination, and continuous improvement.

Key Responsibilities

Strategic Leadership

• Refresh and redesign the vulnerability management framework for the account.
• Define success criteria and establish KPIs for vulnerability management effectiveness.
• Lead continual improvement initiatives and manage the program roadmap.

Operational Oversight

• Oversee vulnerability identification, assessment, and reporting across the estate.
• Ensure vulnerability scanning tools are properly configured, integrated, and provide adequate coverage.
• Maintain and publish regular reports on vulnerability status, trends, and aged backlog.

Remediation Coordination

• Collaborate closely with the Remediation Manager to drive timely resolution of vulnerabilities.
• Address aged vulnerabilities and align remediation efforts with business priorities.
• Review vulnerabilities accepted as risk and re-evaluate remediation opportunities.

Governance and Compliance

• Develop and maintain vulnerability management policies, standards, and procedures.
• Support internal and external audits with documentation and evidence.
• Ensure alignment with regulatory requirements and industry best practices.

Stakeholder Engagement

• Act as the central point of contact for vulnerability-related issues.
• Educate stakeholders on risks, remediation strategies, and tool usage.
• Provide executive-level summaries and technical reports to leadership.

Key Challenges

• Establishing a baseline for tool functionality and coverage across legacy and modern platforms.
• Producing a clear management view of vulnerabilities by component (OS, DB, middleware, etc.).
• Coordinating across delivery teams and technical owners to ensure accountability and progress.
• Implementing a vulnerability matrix to track patching schedules, ownership, and compliance.

Educational & Professional Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Preferred: Master’s degree or relevant certifications (e.g., CISSP, CISM, CRISC, GIAC).
• Experience in vulnerability management or related security domains.
• Proven experience managing teams and driving security improvement programs.

Desirable Skills

• Strong understanding of vulnerability scanning tools (e.g., Qualys, Prisma Cloud, AWS GuardDuty).
• Familiarity with patch management processes and SLAs.
• Excellent communication and stakeholder management skills.
• Analytical mindset with ability to prioritize risks and align with business impact.

What we can offer you:

• Competitive Compensation & Pension Scheme – Rewarding your expertise while securing your future.
• Comprehensive Benefits Package – Including DXC Select, Perks at Work, and incentive programs for exclusive savings and rewards.
• Continuous Learning & Development – Access to upskilling opportunities, career growth resources, and industry-leading training.
• Lifestyle Perks – Enjoy options like the Salary Sacrifice Car Scheme and more.