Versant Health · 2 weeks ago
Manager, Information Security - Threat Vulnerability & Risk Management
Versant Health is one of the nation’s leading administrators of managed vision care, serving millions of clients’ members nationwide. The Manager, Information Security (Threat, Vulnerability, and Risk Management) is responsible for overseeing the cyber risk and threat landscape, managing a team of analysts, and ensuring the maturity and performance of the enterprise cyber risk management program.
Responsibilities
Conduct recurring scans and audits, and track mitigation activities through to completion
Conduct self-assessments and coordinate third-party risk assessments of technology infrastructure and of operational processes and controls for assigned areas
Conduct scheduled, targeted (in response to advisories and for remediation verification) and ad-hoc IT compliance checks and vulnerability scans across the Versant Health global enterprise
Investigate and validate risk levels associated with vulnerabilities identified via vulnerability scanning tools (Tenable, Qualys, Kenna, etc.)
Provide remediation guidance and recommendations and coordinate with Development Operations, IT and other teams as needed to provide oversight to the remediation and/or mitigation of enterprise vulnerabilities
Maintain and improve upon, as necessary, the existing IT and vulnerability management infrastructure, including maintenance of scanning tools, licensing, procedures, reporting, and associated communications (downtimes, upgrades, report changes, etc.)
Find security gaps in enterprise systems, networks, and applications that a scanning solution would not otherwise detect, in order to help the organization improve its existing security controls and mechanisms
Create processes and workflows for all aspects of IT compliance auditing and vulnerability management. Work with cross-functional teams to improve processes, workflows and operational efficiencies
Utilize proven sources to maintain an awareness of prevailing and emerging vulnerabilities to proactively address vulnerabilities as early as possible
Provide recurring and ad-hoc vulnerability reports upon request
Establish appropriate vulnerability management calendar, schedule engagements and track activities to completion. Maintain history of scans and activities for future reference
Lead and mature the enterprise cyber risk management program, ensuring alignment with business objectives, regulatory requirements, and organizational risk appetite
Lead and mature the end-to-end risk scoring methodology, incorporating CVSS, likelihood/impact modeling, FAIR-aligned or semi-quantitative scoring, business context, environmental modifiers, and compensating controls
Own and maintain the Information Security Risk Register, ensuring risks are accurately documented, tracked, scored, and updated
Implement and maintain governance cadences including monthly risk reviews, cross-functional risk working groups, and executive reporting cycles
Oversee recurring and ad-hoc risk assessments for infrastructure, applications, data flows, business processes, and third-party technologies
Partner with business owners to define risk treatments, mitigation plans, compensating controls, timelines, and acceptance decisions
Facilitate formal risk acceptance processes, ensuring that risk owners understand business impact, alternatives, and required residual-risk documentation
Develop and provide executive-level risk reporting and metrics to leadership, including heat maps, trends, KPIs/KRIs, and remediation status, always framing issues in terms of business impact, probability, and required action
Conduct and oversee risk assessments aligned to major IT controls and security frameworks, including NIST CSF, NIST 800-53, SOC 2, ISO 27001/27701, HIPAA Security Rule, CIS Controls, and COBIT
Collaborate with Internal Audit, Compliance, and Enterprise Risk Management functions to ensure integrated risk reporting and consistent scoring methodologies across the organization
Qualifications
Required
Experience leading risk programs including identification, scoring, evaluation, and mitigation
Experience owning a risk register, driving governance processes, and partnering with executive stakeholders to influence risk-based decisions
Direct experience maintaining and using common commercial and open-source vulnerability scanning and security auditing tools (Nessus, Nexpose, OpenVAS, etc.) in both cloud (virtual machines, AWS, Azure, etc.) and conventional (physical endpoints, servers, etc.) environments
Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing methodologies
Deep understanding of IT controls and security frameworks including NIST CSF, NIST 800-53, SOC 1/SOC 2, ISO 27001/27002, HIPAA Security Rule, CIS Controls, and COBIT
Ability to assess control design and operating effectiveness in cloud and on-prem environments
Extensive Windows, Mac, Linux and Unix experience including deep knowledge of file system layout, log file analysis, timeline creation, and common configuration deficiencies
Desktop, server, application, database, and network security hardening principles and practices for threat prevention
Experience working as part of a patch management process and familiarity with patching tools (e.g. SCCM, JAMF, KACE)
Knowledge of methods for ongoing evaluation of the effectiveness and applicability of information security controls (e.g. vulnerability testing and assessment tools)
Ability to understand information security and information technology risks associated with vulnerability testing, patch management, and secure configuration management
Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice
Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE)
Benefits
Health and dental insurance
Tuition reimbursement
401(k) with company match
Pet insurance
No-cost-to-you vision insurance for you and your qualified dependents
Company
Versant Health
Versant Health offers eye health and vision care plans for members, clients, brokers, and eye care professionals.
H1B Sponsorship
Versant Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. The figures below are provided for reference (data powered by the US Department of Labor).
Trends of Total Sponsorships
2025 (3)
2024 (3)
2023 (2)
2022 (6)
2021 (2)
2020 (5)
Funding
Current stage: Late Stage
Total funding: unknown
Acquired: 2020-09-17
Recent news: 2022-04-28
Company data provided by Crunchbase