Resilience Vulnerability Management Lead

Job Title: Resilience Vulnerability Management Lead

Location: Sheffield – Hybrid

IR35 Status: Inside IR35

Overview

We are working with a leading financial services organisation to recruit an experienced Resilience Vulnerability Management Lead for an initial 10-month contract. This role is critical to supporting the organisation’s Operational Resilience and Vulnerability Management objectives, ensuring Important Business Services (IBS) are resilient, well-governed, and compliant with internal standards and regulatory expectations.

You will work in a hybrid model from Sheffield, collaborating closely with IT Service Owners, Service Sustainability Leads, and senior stakeholders across technology and the business.

Key Responsibilities

Resilience Assessment (TRVA)

• Lead resilience assessments (TRVA) for multiple IBS applications across front-office and back-office environments
• Ensure alignment with internal operational resilience standards
• Review architecture documents and application artefacts, leveraging data from enterprise platforms
• Pre-fill vulnerability questionnaires, identify gaps or issues, and facilitate workshops with IT Service Owners to resolve findings
• Analyse metrics and operational data (e.g. incident logs) to identify resilience weaknesses and improvement opportunities
• Drive timely sign-off of assessments by all required stakeholders
• Consolidate findings into clear, comprehensive reports with actionable remediation recommendations
• Raise identified vulnerabilities in line with governance requirements
• Contribute to executive-level summaries and participate in stakeholder presentations

Vulnerability Management

• Manage the end-to-end vulnerability lifecycle, including:
• Creation and approval
• Tolerance assessments
• Progress tracking and reporting
• Remediation and closure governance
• Closure pack preparation, QA, approval, and final closure
• Conduct control reviews outside standard assessments and raise vulnerabilities where required
• Work closely with IT Service Owners to capture risk, impact, severity, mitigation, and remediation plans
• Partner with Service Sustainability Leads and IT Service Owners to collect Evergreening details
• Ensure Impact Assessments are completed for all vulnerabilities and severity records are kept up to date
• Support other Lines of Business with tolerance assessments for MSS-owned applications
• Analyse weekly vulnerability reports to identify new risks impacting Important Business Services and drive them through assessment processes
• Ensure remediation actions are accurately reflected in golden source systems
• Prepare high-quality closure packs with supporting evidence
• Produce Risk & Control Management Meeting packs and stakeholder reports
• Represent the team in governance forums when required
• Contribute inputs to consolidated CIB-level reporting
• Participate in vulnerability portal feature testing, providing feedback and backlog requirements
• Actively contribute to daily and weekly Operational Resilience and Vulnerability Management forums

Qualifications & Experience

• Bachelor’s degree in IT, Computer Science, or a related discipline (or equivalent professional experience)
• Proven experience in operational resilience, risk management, or vulnerability management within a large financial institution
• Strong understanding of:
• Operational resilience frameworks
• Vulnerability lifecycle management
• Regulatory and governance requirements
• Demonstrated ability to manage complex assessments across multiple applications and stakeholders

Key Capabilities

• Strong analytical and problem-solving skills
• Excellent communication skills, with the ability to present complex findings to both technical and non-technical audiences
• High attention to detail and strong commitment to quality
• Proactive, self-motivated, and able to manage multiple priorities in a fast-paced, regulated environment
• Confident stakeholder manager with experience driving cross-functional outcomes

What’s on Offer

• Competitive inside IR35 day rate
• Long initial contract (10 months) with potential extension
• Opportunity to play a key role in strengthening operational resilience within a major financial services organisation

If you are an experienced Resilience or Vulnerability Management Lead looking for your next contract role, we’d be keen to hear from you.