AVP, Threat and Vulnerability Management jobs in United States
cer-icon
Apply on Employer Site
company-logo

Sun Life · 4 hours ago

AVP, Threat and Vulnerability Management

positionWellesley, MA
timeFull-time
remoteHybrid
seniorityDirector/Executive
money$145K/yr - $235K/yr
date15+ years exp

Sun Life is a company focused on making life brighter for clients and communities. The AVP, Global Threat & Vulnerability Management will lead the global capability for identifying, assessing, prioritizing, and mitigating cyber vulnerabilities and threats across the enterprise, overseeing multiple sub-disciplines to ensure a resilient security posture.

FinanceFinancial ServicesInsurance
check
Culture & Values
check
H1B Sponsor Likelynote

Responsibilities

You are the Responsible Person/Contact for the enterprise Vulnerability Management Directive, overseeing the entire vulnerability lifecycle across Sun Life: identification, prioritization, reporting, remediation governance, and compliance monitoring
Your VM program encompasses:
Internal and external vulnerability scanning
Database scanning
Security Scorecard monitoring
Threat‑intel‑driven vulnerability monitoring
Classification of vulnerabilities and zero‑day response
Audit, Client and Regulatory responses
Management of platforms related to Vulnerability Management
Produce Senior Leadership and Executive Reporting for all areas of Vulnerability Management
You oversee the Cyber Threat Intelligence (CTI) and Cyber Threat Hunting (CTH) function responsible for:
Lead the collection, analysis, and operationalization of internal and external threat intelligence
Monitoring global threats affecting Sun Life brands, staff, infrastructure, and clients
Identifying indicators of compromise, campaign activity, and attacker behaviors
Producing actionable threat briefings for Security teams, Technology Risk, and senior leadership
Maintain relationships with intelligence‑sharing communities, industry groups, and government partners
Ensure threat intelligence directly informs detection engineering, vulnerability prioritization, and offensive testing
Perform continuous Threat Hunting activities based on Cyber Threat Intelligence and internal Red/Blue team information
Develop and refine use cases based on threat intelligence and work with Security Operations and Engineering teams to implement for alerting to Defensive Security teams
You lead the Offensive Security (Red Team) program, which conducts:
Application, network, social engineering, and physical penetration tests
Adversary emulation engagements
Intelligence Led Penetration Testing
Executes Security Control validation testing to ensure coverage and identify gaps across security controls
Ensure offensive testing aligns with threat intelligence and focuses on high‑risk assets and emerging attack vectors
Partner with technology teams to validate remediation effectiveness
Translate offensive findings into prioritized remediation actions and long‑term security improvements
You lead the Defensive Security (Blue Team) program, which:
Responds to detections from security controls
Ensure defensive capabilities evolve based on threat intelligence and offensive testing results
Partner with Offensive Security, Cyber Threat Intelligence and Security Operations to enhance detection coverage, reduce dwell time, and improve alert fidelity
You lead the Security Incident team which:
Responds to security incidents and takes appropriate actions
Govern the maturity of incident response processes, playbooks, and readiness exercises
Ensure consistent, high‑quality incident handling with clear communication and post‑incident reviews
Oversee application security scanning capabilities including static, dynamic, software composition and mobile analysis
Partner with DevOps teams to ensure application security capabilities are integrated into DevOps pipelines
Identify systemic application security weaknesses and drive long‑term remediation strategies
Provide secure development guidance and support targeted developer training in partnership with the AVP of Security Initiatives, Training & Awareness
Ensure application security findings are integrated into enterprise vulnerability reporting
Leads Sun Life’s Application Security Testing function, owning the strategy, execution, and continuous improvement of the enterprise testing framework
Ensure critical applications have penetration testing performed on an annual basis
Ensures results are consistent, high‑quality, repeatable, and meet enterprise governance expectations
Drives adoption of advanced testing approaches, including AI‑assisted vulnerability remediation and testing enhancements
Partner with:
Security Engineering & Advisory on architecture alignment, secure design, and technical remediation
Technology Risk & Compliance to ensure alignment with regulatory expectations, audit requirements, and risk frameworks
Security Governance & Client Programs to support client assurance, governance reporting, and due diligence
Security Initiatives, Training & Awareness to develop training based on recurring vulnerability, threat, and AppSec trends
Security Operations to enhance detection, response, and threat hunting capabilities
Define KPIs, KRIs, and dashboards that measure vulnerability exposure, application security maturity, remediation performance, and threat trends
Deliver regular briefings to senior leadership, risk committees, and the board
Translate complex technical risks into clear business impacts and recommended actions
Provide transparent reporting on remediation performance, threat landscape changes, and exposure reduction progress
Provide updates to regulatory bodies regarding the security posture or any related incidents

Qualification

Vulnerability ManagementThreat IntelligenceApplication SecurityRed Team OperationsBlue Team OperationsCybersecurity ExperienceVulnerability Scanning ToolsPenetration TestingSecure Coding PracticesCloud SecurityDevSecOps PrinciplesAutomation ExperienceCyber Risk QuantificationCloud-Native Security ToolingLeadership ExperienceTrust BuildingContinuous ImprovementInfluencing SkillsRegulatory Evidence PreparationCommunication SkillsDecision-Making Skills

Required

15+ years of cybersecurity experience, with deep expertise in vulnerability management, threat intelligence, application security, or offensive/defensive security
Proven leadership experience managing technical teams and enterprise‑scale security programs
Strong understanding of vulnerability scanning tools, AppSec testing platforms, cloud security, and threat intelligence technologies
Demonstrated expertise in Red and Blue Team operations, including hands‑on knowledge of adversary emulation, penetration testing (web, network, cloud), threat hunting, incident detection and response, malware analysis, and validation of security controls across complex enterprise environments
Deep understanding of secure coding practices, shift left practices, application security capabilities, CI/CD pipelines, and DevSecOps principles
Experience working in regulated industries and supporting audits, regulators, and client assurance programs
Excellent communication skills with the ability to influence senior executives and technical teams
Demonstrated ability to lead through complexity, ambiguity, and rapid change
Certifications such as CISSP, CISM, GIAC, OSCP, GCTI, or CSSLP
Experience with automation, secure SDLC, and large‑scale application security programs
Background in cyber risk quantification or exposure analytics
Experience with cloud‑native security tooling and modern application architectures

Benefits

Flexible hybrid work model.
Pension, stock and savings programs to help build and enhance your future financial security
Work and professional development that is united by our Purpose: to help Clients and Employees achieve lifetime financial security and live healthier lives
A friendly, collaborative and inclusive culture
Be part of our continuous improvement journey in developing the next greatest digital enterprise experience.
Competitive salary and bonus structure influenced by market range data
The opportunity to move along a variety of career paths with amazing networking potential

Company

Sun Life

twittertwittertwitter
Glassdoor4.1
company-logo
Sun Life is a leading financial services organization dedicated to helping people achieve lifetime financial security and live healthier lives.
dateFounded in 1865
location
Toronto, Ontario, CAN
people-size10001+ employees
web-link
https://www.sunlife.com.vn/vn/

H1B Sponsorship

Sun Life has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (22)
2024 (27)
2023 (18)
2022 (18)
2021 (12)
2020 (13)

Funding

Current Stage
Public Company
Total Funding
$1.05B
2024-05-13Post Ipo Debt· $548.79M
2023-07-04Post Ipo Debt· $500M
2000-03-24IPO

Leadership Team

leader-logo
Kevin Strain
President & CEO
linkedin
leader-logo
Luc Nhon Ly
Chief Executive Officer
linkedin

Recent News

MarketScreener
Sun Life says co to issue $1 billion debentures in Canada
2025-12-02
MarketScreener
TSX futures steady as bank earnings loom
2025-12-02
South China Morning Post
Sun Life aims for global growth with new asset management hires
2025-11-27
Company data provided by crunchbase