Security Vulnerability Lead

Job DescriptionJob Title: Security Vulnerability LeadLocation: Hybrid London or Newcastle, UKDXC’s Insurance Software and BPS business provides a range of software and services to the global insurance market including life, wealth, health, commercial and speciality, property and casualty, and reinsurance. DXC is also a key partner of the London Market, providing digital transformation and outsourcing services.DXC’s insurance business has 13,000 domain experts serving 2,000 insurance customers operating in over 100 countries worldwide.Role OverviewThis is a dedicated account-level role responsible for leading vulnerability management across both heritage and digital IT estates within the London Markets account. The successful candidate will be tasked with rebuilding the vulnerability management program from the ground up, ensuring robust coverage, effective remediation coordination, and continuous improvement.Key ResponsibilitiesStrategic LeadershipRefresh and redesign the vulnerability management framework for the account.Define success criteria and establish KPIs for vulnerability management effectiveness.Lead continual improvement initiatives and manage the program roadmap.Operational OversightOversee vulnerability identification, assessment, and reporting across the estate.Ensure vulnerability scanning tools are properly configured, integrated, and provide adequate coverage.Maintain and publish regular reports on vulnerability status, trends, and aged backlog.Remediation CoordinationCollaborate closely with the Remediation Manager to drive timely resolution of vulnerabilities.Address aged vulnerabilities and align remediation efforts with business priorities.Review vulnerabilities accepted as risk and re-evaluate remediation opportunities.Governance and ComplianceDevelop and maintain vulnerability management policies, standards, and procedures.Support internal and external audits with documentation and evidence.Ensure alignment with regulatory requirements and industry best practices.Stakeholder EngagementAct as the central point of contact for vulnerability-related issues.Educate stakeholders on risks, remediation strategies, and tool usage.Provide executive-level summaries and technical reports to leadership.Key ChallengesEstablishing a baseline for tool functionality and coverage across legacy and modern platforms.Producing a clear management view of vulnerabilities by component (OS, DB, middleware, etc.).Coordinating across delivery teams and technical owners to ensure accountability and progress.Implementing a vulnerability matrix to track patching schedules, ownership, and compliance.Educational & Professional RequirementsBachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.Preferred: Master’s degree or relevant certifications (e.g., CISSP, CISM, CRISC, GIAC).Experience in vulnerability management or related security domains.Proven experience managing teams and driving security improvement programs.Desirable SkillsStrong understanding of vulnerability scanning tools (e.g., Qualys, Prisma Cloud, AWS GuardDuty).Familiarity with patch management processes and SLAs.Excellent communication and stakeholder management skills.Analytical mindset with ability to prioritize risks and align with business impact.What We Can Offer YouCompetitive Compensation & Pension Scheme – Rewarding your expertise while securing your future.Comprehensive Benefits Package – Including DXC Select, Perks at Work, and incentive programs for exclusive savings and rewards.Continuous Learning & Development – Access to upskilling opportunities, career growth resources, and industry-leading training.Lifestyle Perks – Enjoy options like the Salary Sacrifice Car Scheme and more.At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.