Vulnerability Management Program Manager - King County : Job Details

This position is open to Internal King County Department of Information Technology (KCIT) employees and eligible Priority Placement participants ONLY. Only current KCIT employees and eligible Priority Placement participants applications will be considered.KCIT is seeking a dedicated and knowledgeable Vulnerability Management Program Manager to lead and mature the County's enterprise vulnerability management initiatives. The successful candidate will play a critical role in safeguarding our technology environment by identifying, assessing, prioritizing, and tracking remediation of vulnerabilities across a complex landscape of systems, applications, and cloud platforms.King County Department of Information Technology (KCIT) KCIT uses the power of technology to digitally transform King County. Building vibrant communities through digital equity and social justice, KCIT offers innovative solutions that engage, empower, and serve our residents, businesses, communities and interested stakeholders. As the first-place recipient of the 15th annual National Association of Counties (NACo) Digital Counties Survey, KCIT is recognized for its vision, strategy, innovation, and collaboration. KCIT has a focus of delivering smart technology solutions that support customers, building stronger communities through innovation. KCIT is providing the building blocks for many of the region's most critical services. As the business solutions partner, we collaborate with the 18 County departments to develop products and services that better serve the needs of our customers and our community. To learn more about KCIT, please visit:

• Develop and lead the County's enterprise Vulnerability Management Program strategy, policies, processes, and reporting.
• Oversee vulnerability scanning, assessments, and prioritization of risks across infrastructure, applications, and cloud environments.
• Collaborate with Security Operations, IT teams, and business units to drive risk remediation efforts and ensure accountability.
• Maintain and operate enterprise vulnerability management tools and coordinate scan schedules and exception processes.
• Report regularly to senior leadership on the County's vulnerability risk posture and remediation progress.
• Establish risk-based prioritization methodologies aligned with business impact and threat intelligence.
• Track and enforce timelines for remediation or formal acceptance of vulnerability risks.
• Lead vulnerability risk advisory communications for IT leadership and department customers.
• Support compliance initiatives related to vulnerability management, including audits, frameworks (NIST, HIPAA, PCI-DSS), and cyber insurance requirements.
• Continuously improve vulnerability processes by evaluating new technologies, threat intelligence sources, and emerging best practices.
• Other duties as assigned

• 5+ years of professional experience in cybersecurity, with 3+ years focused specifically on vulnerability management.
• Deep knowledge of vulnerability management frameworks, vulnerability scoring systems (CVSS), and risk prioritization.
• Hands-on experience with vulnerability scanning and management tools (e.g., Qualys, Tenable, Rapid7, CrowdStrike).
• Experience interpreting vulnerability findings across infrastructure, SaaS, cloud, and code repositories.
• Strong knowledge of security standards and compliance frameworks (NIST 800-53, NIST CSF, HIPAA, PCI-DSS).
• Ability to communicate effectively with technical and non-technical stakeholders.
• Excellent project management, organizational, and documentation skills.
• Ability to work independently and proactively manage competing priorities

Desirable Qualifications

• Bachelor's Degree in Information Technology, Cybersecurity, or related field.
• Industry certifications such as CISSP, GSEC, GCIA, CEH, or OSCP.
• Experience working in highly regulated environments (e.g., healthcare, government).
• Experience with security orchestration and automated remediation workflows.
• Familiarity with cloud environments (Azure, AWS, GCP) and container security.

Additional Requirements

• Must pass a Criminal Justice Information System (CJIS) Background Check

Hybrid Work:The work associated with this position will be performed through a combination of onsite work and telecommuting. Employees will have access to shared workspaces at various King County facilities. Employees must reside in Washington state and within a reasonable distance to their King County worksiteto respond to workplace reporting requirements. King County has a robust collection of toolsandresources to support when working remotely.

Classification:IT Manager-Principal - 7341500

Union:This position is represented by L117 - IT Managers and Supervisors

Work Schedule:The normal workweek for this position is Monday through Friday, 8:00 a.m. to 5:00 p.m. Alternative work schedules may be considered. This position is not eligible for overtime pay. This position may be required to work after hours on occasion as needed.

Forbes named King County as one of Washington State's best employers.

Together, with leadership and our employees, we're changing the way government delivers service and winning national recognition as a model of excellence. Are you ready to make a difference?Come join the teamdedicated to serving one of the nation's best places to live, work and play.

Guided by our True North , we are making King County a welcoming community where every person can thrive. We value diversity, inclusion and belonging in our workplace and workforce. To reach this goal we are committed to workforce equity. Equitable recruiting, support, and retention is how we will obtain the highest quality workforce in our region; a workforce that shares and will help advance our guiding principles - we are one team; we solve problems; we focus on the customer; we drive for results; we are racially just; we respect all people; we lead the way; and we are responsible stewards. We encourage people of all backgrounds and identities to apply, including Native American and people of color, immigrants, refugees, women, LGBTQ+, people living with disabilities, and veterans.

King County is an Equal Employment Opportunity (EEO) Employer

No person is unlawfully excluded from employment opportunities based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status, or other protected class. Our EEO policy applies to all employment actions, including but not limited to recruitment, hiring, selection for training, promotion, transfer, demotion, layoff, termination, rates of pay or other forms of compensation.

Are you ready to APPLY!?

The recruitment for this position is open to all qualified candidates. This recruitment may be used to fill future vacancies. A completed King County Application and Resume are required for consideration. Applications submitted without all material will not be considered.

Questions:If you have questions regarding this recruitment, please contact Shannon Hoeper @[email protected] 206-###-####.

#J-18808-Ljbffr