HRTMS Job Description Management
| Dir Vulnerability & Threat Mgmt J o b D e s c r i p t i o n | | |
Job Profile Title: | Dir Vulnerability & Threat Mgmt | Job Code: | 12529 | Business_Title | Director Vulnerability & Threat Mgmt | Profile Title: | 12529 Dir Vulnerability & Threat Mgmt | Grade / Band: | L3 | FLSA Status: | Exempt | The Director of Vulnerability & Threat Management is responsible for leading the MGM Resorts International Cyber Security program, which includes the end-to-end delivery of Comprehensive Vulnerability Management, Threat Intelligence, Offensive Security efforts, Red Team, Penetration Testing and SSDLC. The areas of focus include compliance and quality standards across users, developers, cloud, applications, networks, endpoints, and servers. The Director is additionally responsible for managing the Information Security framework to ensure it meets or exceeds regulatory control requirements. The candidate must have experience leading a team responsible for supporting and developing standards and designing reviews to ensure security controls are implemented and mapped to the Threats and Risks prevalent to MGM Resorts International, ensuring that the delivered solutions meet the same standards. The Director of Vulnerability & Threat Management will have a proven track record of delivering quality security services on time, and a background in security and vulnerability best practices, along with processes and tools required to support a successful security services system is required. This position involves working closely with teams across the enterprise, technology, digital, and data. | | | | | |
Principal Duties & Responsibilities | Lead the development and implementation of a robust vulnerability management plan, including detection, reporting, containment, policy enforcement, and remediation. | Lead efforts to conduct regular penetration testing including tabletop exercise in collaboration with Incident Response and engineering teams. | Collaboration with development teams on Secure Software Development Lifecycle (SSDLC) and “shift left” principle. Ensure that the enterprise can catch bugs, vulnerabilities and quality issues as early as possible. | Manage and mentor a team of security analysts specializing in vulnerability management, offensive security and penetration testing. | Setting performance expectations, providing coaching and development opportunities, and fostering a collaborative and high-performing team environment. | Delegating tasks effectively, prioritizing workloads, and ensuring efficient incident response processes. | Identifying training needs and developing programs to enhance the team's skills and knowledge. | Conduct in-depth forensic investigations to identify the root cause of security breaches, collect and analyze evidence, and reconstruct timelines of events. | Collaborate with legal counsel to provide expert support on cybersecurity incidents, including preparing technical reports and assisting with litigation. | Remain informed about evolving cyber threats, vulnerabilities, remediation and containment, incident response best practices, and legal developments impacting cybersecurity. | Develop and deliver training programs to educate employees on cyber threats and incident reporting procedures. |
Required for All Jobs | Performs other job-related duties as requested | Proof of eligibility to work in the United States |
Education | Education Level | Education Details | Required/
Preferred | Bachelor's Degree | | Preferred | | | | | |
Work Experience | Experience | Experience Details | Required/
Preferred | 7+ Years of Prior Relevant Experience | Cyber Security & Vulnerability experience | Required | | | | | |
Additional Requirements | Details | Required/
Preferred | Proven experience leading and managing security teams. | Required | In-depth knowledge of incident response frameworks (e.g., NIST CSF) and best practices. | Required | Experience with vulnerability management methodologies, policies and tools. | Required | Experience in offensive security, penetration testing and red team development. | Preferred | Understanding of SSDLC and “Shift Left” principals. | Preferred | | | |
Knowledge, Skills and Abilities | KSAs | Strong analytical and problem-solving skills to investigate security incidents and identify root causes. | Experience working with legal counsel on cybersecurity matters is a plus. | Excellent communication and collaboration skills to work effectively with technical and non-technical stakeholders. | Experience with Secure Software Development Lifecycle and "Shift Left" is highly desired. | Experience with Penetration testing, "Red Team" and offensive security is highly desired. |
Physical Requirements | A thorough completion of this section is needed for compliance with legal standards such as the Americans with Disabilities Act. The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. | Physical Requirement | N/A | Rarely | Occasionally | Frequently | Constantly | Weight/
w.p.m. | Balancing | | | X | | | | Bending | | | X | | | | Carrying __pounds | | | X | | | | Clear speech - simple | | | | X | | | Clear speech - complex | | | | X | | | Climbing | X | | | | | | Distant vision | | | | X | | | Driving | X | | | | | | Flexibility - upper body | | | X | | | | Flexibility - lower body | | | X | | | | Hearing/Listening | | | | X | | | Kneeling | | X | | | | | Lifting __pounds | | X | | | | | Near vision | | | | X | | | Normal vision | | | | X | | | Pushing/Pulling | | | X | | | | Reaching | | | X | | | | Sitting | | | | X | | | Standing - 5 hours minimum | | | X | | | | Typing __w.p.m. | | | | X | | | Walking | | | | X | | | | | | | | | | | | | | | |
Work Environment | While performing the duties of this job, the associate is required to work within the selected work environments. | Work Environment | N/A | Rarely | Occasionally | Frequently | Constantly | Communication - verbal | | | | X | | Communication - written | | | | X | | Confined area | | X | | | | Contacts - works alone | | | | X | | Contacts - works around others | | | | X | | Contacts - works with others | | | | X | | Exposure to dust / dirt | X | | | | | Exposure to fumes / odors | X | | | | | Extreme cold | X | | | | | Extreme heat | | X | | | | Fast pace | | | | X | | Hazardous conditions - chemicals | X | | | | | Hazardous conditions - high structures | X | | | | | Hazardous conditions - high voltage | X | | | | | Indoors | | | | X | | Noise levels - low to moderate | | | | X | | Noise levels - high | | X | | | | Office conditions | | | | X | | Outdoors | | X | | | | Restricted area | | X | | | | Shifts | | | | X | | Smoke | | | X | | | __% Travel | | | X | | | Wet/Humid | X | | | | | | | | | | | | | | | |
Mental Requirements | While performing the duties of this job, the associate is required to work within the selected mental requirements. | Mental Requirement | N/A | Rarely | Occasionally | Frequently | Constantly | Analytical | | | | X | | Clerical | | | | X | | Comprehension | | | | X | | Crisis incidents | | | | X | | Customer service | | | | X | | Decision making | | | | X | | High pressure | | | | X | | Judgment | | | | X | | Long hours | | | | X | | Math skills - advance | | | | X | | Math skills - basic | | | | X | | Organization | | | | X | | Reading - simple | | | | X | | Reading - complex | | | | X | | Repetition | | | | X | | Tight deadlines | | | | X | | Writing - simple | | | | X | | Writing - complex | | | | X | | | | | | | | | | | | |
|