Vulnerability Manager
Description
Talenza is exclusively partnering with a leading organisation to secure a Vulnerability Manager.
Join a regulated enterprise environment focused on strengthening cyber resilience, aligning to ISO 27001, Essential Eight ML2+, SOCI and defence obligations.
Reporting to the Cyber GRC and Assurance Manager, you will lead and uplift enterprise vulnerability management across IT and cloud environments.
You will own the end-to-end vulnerability lifecycle, embedding a risk-based and intelligence-led remediation model that drives measurable risk reduction across the organisation.
As the Vulnerability Manager, you will:
* Own and lead the enterprise vulnerability management strategy and execution roadmap
* Optimise and integrate Qualys, CrowdStrike, and Microsoft Defender platforms
* Manage patching standards aligned to ASD Essential Eight ML2+
* Embed AI-driven prioritisation and risk-based remediation workflows
* Define and enforce remediation SLAs based on risk and business impact
* Partner with infrastructure, cloud, and application teams to close critical findings
* Develop executive dashboards, board-level metrics, and vulnerability heatmaps
* Integrate vulnerability controls into CI/CD pipelines and M&A onboarding
* Support audit and regulatory evidence across ISO 27001, DISP, SOCI, and Essential Eight
* Liaise with threat intelligence sources to prioritise emerging risks
* Reduction in critical vulnerabilities outstanding beyond 30 days
* Operational vulnerability risk register and heatmap
* Automated executive reporting integrated into dashboards
* Embedded remediation governance and accountability model
* Patch compliance reporting aligned to Essential Eight ML2
* 8+ years cyber security experience with strong hands-on vulnerability management exposure
* Proven experience configuring and reporting across Qualys, CrowdStrike, and Microsoft Defender
* Practical implementation of ASD Essential Eight to ML2+ (especially patching and application control)
* Experience within regulated or critical infrastructure environments (SOCI, DISP, or equivalent)
* Experience producing executive and governance-level reporting
* Strong stakeholder engagement and influencing capability
* Certifications such as CISSP, CEH, or CompTIA Security+ (desirable)
Thank you for your interest. Please note that we are only able to consider candidates based in Brisbane or Melbourne, as the role requires in-office attendance. Candidates must have full rights to work in Australia.