Crypto.com was founded in 2016 on a simple belief: it’s a basic human right for everyone to control their money, data and identity. With over 10+ million users on its platform today, Crypto.com provides a powerful alternative to traditional financial services, turning its vision of “cryptocurrency in every wallet” into reality, one customer at a time. Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have CCSS Level 3, ISO27001:2013 and PCI:DSS 3.2.1, Level 1 compliance. Crypto.com is with a 2500+ strong team globally. For more information, please visit www.crypto.com.
Crypto.com is seeking an experienced Vulnerability Management & Configuration Management leader to join our high-performing and agile team. This role has the direct responsibility for developing a Vulnerability Management and Configuration Management program, providing mentorship and leading risk mitigation, threat identification, vulnerability prioritization, development of remediation plans, and goal setting business units on how to achieve overall risk reduction.
- Develop a Vulnerability Management and Configuration Management (VCM) program – from Asset Management, Data Classification Management, Change Management, Configuration Auditing to Vulnerability Identification, Patch testing and Remediation
- Lead global security and operations teams to reduce the threat footprint of infrastructure and systems
- Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill the their needs
- Develop the vision, capability roadmap, and plans for the continuous improvement of the vulnerability and asset management program
- Manage the executive and tactical metrics that speak to the efficacy of the program
- Deliver presentations to leadership and the extended team regarding the state of the program
- Assist in development and implementation of information security vulnerability management policies, procedures, and standards based of frameworks like NIST SP800-53
- Develop the integration and automation strategy around multiple VM toolsets
- Work closely with the Security Engineering team to come up with security baseline configurations
- Perform regular vulnerability, configuration and web application scans
- Provide weekly/monthly/quarter/annual vulnerability & configuration management report
- Evaluate scanning and consolidation tools to facilitate the VCM program
- 6+ years in information security experience
- 3+ years in vulnerability management experience
- Strong leadership experience in a large and global enterprise environment
- Demonstrated experience successfully leading Vulnerability Management programs
- Depth of experience with vulnerability assessment and reporting including comprehensive understanding of vulnerability management methodologies, procedures, and infrastructure vulnerability scanning solutions for on premise and cloud (e.g., Azure, AWS, GCP, etc.)
- Familiar with common tools used in the VM lifecycle like ITSM, CMDB, etc.
- Depth of experience of using vulnerability scanning tools like Qualys, Tenable, etc.
- Knowledge of compliance requirements like PCI-DSS, NIST, SOC2, etc.
- Ability to adapt to a dynamic environment and changing business requirements
- Highly collaborative, successful in a matrixed and geographically diverse environment
- Ability to lead others and independently contribute successes
- Industry recognized certifications such as CISSP, CISM, CISA, GEVA, etc.
- We offer an attractive compensation package working in a cutting-edge field of combining cryptocurrency and financial services.
- Huge responsibilities from Day 1. Be the owner of your own learning curve. The possibilities are limitless and depend on you.
- You get to work in a very dynamic environment and be part of an international team.
- Flexible working