Director, Vulnerability Management

*Must work a hybrid schedule (3 days onsite) out of our Atlanta office.*

THE JOB

The Director, Vulnerability Management is a key leadership role within the Global Information & Content Security (GICS) team. This role leads and matures WBD’s enterprise-wide vulnerability management Center of Excellence (CoE) program, covering cloud, on-premises infrastructure, and application environments. The Director is responsible for directing the identification, classification, reporting, and remediation of vulnerabilities, ensuring alignment with WBD’s broader cybersecurity strategy.

This position requires deep collaboration across cloud engineering, IT infrastructure, application development, and third-party service providers to effectively reduce the organization’s risk exposure. The Director will work closely with GICS and business unit leaders to ensure strategic and tactical vulnerability risk mitigation efforts align with enterprise goals.

VULNERABILITY OVERSIGHT

• Lead WBD’s program for managing vulnerabilities across on-prem infrastructure, cloud and applications; guiding the process from finding vulnerabilities, to mitigating risk.

• Manage WBD’s MSSP to make sure scans are thorough and results are prioritized by how risky they are; assist and direct the process of resolving vulnerabilities and report on the status; and verify that the actions taken to fix them are working.

• Drive vulnerability remediation with asset owners inline with established risk mitigation SLA’s.

• Incorporate vulnerability risk into the broader GICS risk oversight framework, continuously evaluating the risk associated with the state of remediation SLA compliance.

• Oversee vulnerability scanning activities across the enterprise, including automated, authenticated, and manual assessments.

• Define and apply risk-based classification standards for vulnerabilities using CVSS and contextual asset/business impact.

• Maintain dashboards and reporting for vulnerability risk metrics.

• Establish SLAs for remediation, drive accountability, and verify remediation effectiveness.

• Integrate vulnerability management into broader risk oversight and GICS governance.

• Collaborate with DevSecOps, product engineering, and infrastructure teams to embed remediation into operational workflows.

STRATEGIC LEADERSHIP

• Translate vulnerability risk insights into strategic decisions and enterprise-wide policies.

• Communicate effectively with senior leadership and executive stakeholders.

• Contribute to the design of cybersecurity strategies by advising on risk reduction priorities related to vulnerability trends.

• Develop metrics to track vulnerability closure rates, aged vulnerabilities, and SLA compliance.

• Drive initiatives that reduce recurring vulnerabilities through root cause analysis.

BUSINESS PARTNERSHIP & ENABLEMENT

• Engage with application, cloud, and infrastructure teams to promote remediation ownership.

• Foster collaboration across business units to ensure alignment between risk mitigation and delivery priorities.

• Support high-visibility business initiatives (e.g., product launches, M&A, live events) by proactively identifying and managing vulnerability risk.

• Provide guidance on secure configuration and preventive controls to limit future vulnerabilities.

The Essentials

• 12+ years of cybersecurity experience, with 5+ years in vulnerability management

• Strong expertise across cloud (AWS, Azure, GCP), on-premise, and application environments

• Experience with tools such as Tenable, Wiz, Brinqa, PowerBi and native cloud scanning technologies

• Strong knowledge of risk frameworks (e.g., NIST, ISO, CVSS)

• Bachelor’s degree in Computer Science, Engineering, or related field

• Excellent analytical, communication, and stakeholder engagement skills

• Bachelor’s degree in related field, such as Business, IT, Computer Science

• Knowledge of IP network infrastructure (firewalls, intrusion detection/prevention), access control, data encryption and on-prem and cloud security

• Excellent communication skills, including the ability to communicate effectively in English, both written and verbal

• Ability to present complex topics in clear, non-technical language

• Ability to work collaboratively within team and across business and technology functions

• Detail-oriented individual with critical thinking, analytical, and problem-solving skills

• Demonstrated ability to be proactive and take ownership of and solve problems

• Ability to handle multiple assignments concurrently within an iterative environment

• Deep capability in applying risk principles to the business environment. Ability to clearly articulate risk concepts and results to business leaders and navigate collaborative and informed decision making.

• Can effectively connect with both technical and non-technical staff. Ability to translate sophisticated technical concepts into plain English and present them in a way that decision-makers can understand.

• Positive influencing skills both verbally and through the preparation of written materials in order to build relationships, influence and negotiate.

• Strong project management and delegation skills in prioritizing and reprioritizing projects of various size and complexity across multiple functional groups and departments.

The Nice to Haves

• One or more of the following certifications: CISSP, CRISC, CISA

• 5+ years of prior experience in a related field (media, entertainment, business development or streaming services industry experience a plus)

• Familiarity with streaming and similar products/services

• Experience working in a national or global company