Job Description
- The IT Security Technical Lead – Vulnerability Management is responsible for developing, leading, and continuously improving the enterprise-wide Vulnerability Management and Security Assessment program.
- This role ensures that vulnerabilities across systems, applications, and cloud environments are identified, assessed, prioritized, and remediated in alignment with business risk and compliance objectives.
- The successful candidate will combine technical expertise, strategic oversight, and leadership skills to drive a measurable reduction in organizational risk while supporting Quest Diagnostics' mission to protect data, systems, and customers.
- Lead the global Vulnerability Management program, including policy management, scanning, reporting, and remediation tracking.
- Design and maintain a comprehensive Vulnerability Management framework aligned with NIST, HIPAA, PCI DSS, SOX, and other applicable requirements.
- Lead rapid assessment and remediation efforts for zero-day vulnerabilities, including immediate impact analysis, exploitability review, and prioritization based on business risk.
- Serve as Subject Matter Expert (SME) for Qualys or similar scanning platforms, ensuring accurate detection, prioritization, and reporting of vulnerabilities.
- Partner with Infrastructure, Application, and Risk teams to coordinate assessment and remediation activities across diverse environments.
- Define and monitor metrics and KPIs to evaluate program effectiveness and communicate progress to senior leadership.
- Develop and maintain dashboards and reports highlighting trends, remediation SLA performance, and residual risk posture.
- Conduct ad-hoc vulnerability assessments and provide risk-based recommendations for remediation and mitigation.
- Provide consultancy and guidance on vulnerability risk, security exceptions, and compensating controls to technical and business stakeholders.
- Support security compliance efforts by ensuring timely remediation of vulnerabilities tied to audit findings and regulatory frameworks (HIPAA, PCI, SOX).
- Develop and deliver training, workshops, and awareness sessions to improve understanding and accountability across teams.
- Continuously evaluate and implement process and automation improvements to enhance efficiency and reporting accuracy.
- Conduct network penetration testing for the PCI environment using Core Impact (Fortra) or similar tools to validate security controls and meet regulatory requirements.
Required Work Experience:
- Bachelor's degree in computer science, information security, or a related discipline
- Minimum 7 years of experience in IT Security, including 3+ years leading a vulnerability or threat management program
- Proven experience with Qualys, Tenable, Wiz, or equivalent vulnerability management tools
- Hands-on experience performing network penetration testing for PCI environments or equivalent
- Strong understanding of CVSS (severity scoring), CVE (vulnerability identifiers), and CWE (weakness classification)
- Familiarity with remediation strategies across Windows, Linux, network, and cloud environments
- Excellent communication and stakeholder management skills, with the ability to convey risk to both technical and non-technical audiences
- Certifications such as CISSP, CISM, CISA, GPEN, or Qualys VMDR Specialist
- Experience in regulated industries (Healthcare, Financial or Life Sciences)
- Familiarity with ServiceNow, Archer, or similar GRC platforms for exception and risk tracking
- Experience leading and mentoring security engineers, specialists, or analysts.
Preferred Work Experience:
- Experience developing and maintaining custom scripts and API integrations to automate and streamline reporting and remediation workflows
- Experience leveraging Qualys CAR (Custom Assessment and Remediation) to run custom assessment scripts on scanned hosts and streamline remediation
