Exposure Management Vulnerability Lead

Our Threat and Vulnerability Management function sits at the heart of Cyber Operations, focused on protecting our organisation by proactively identifying, assessing and reducing cyber risk. As we evolve from traditional vulnerability management into a true Exposure Management model on our journey toward CTEM, we’re introducing new, more intelligent ways of understanding and addressing risk. This role will be central to that transformation.

As our Exposure Management Vulnerability Lead, you’ll take ownership of the operational delivery of vulnerability management within an exposure‑led framework. Rather than relying solely on CVSS scores, you’ll prioritise remediation based on real‑world exploitability, business impact and attack‑path context. This a risk‑driven position focused on meaningful, measurable exposure reduction.

You’ll manage the full vulnerability lifecycle, shaping operational strategy, defining scope, building processes and continually improving how we work. Ensuring effective scanning coverage across on‑premise, cloud and internet‑facing assets, you’ll optimise configurations, challenge false positives and guide remediation efforts toward exposure‑based outcomes. Where tooling exists, you’ll also help inform attack‑path‑aware strategies.

Collaboration is key in this role. You’ll work closely with technical teams to accelerate patching, improve configurations and provide clear, trusted, risk‑based guidance. You’ll develop dashboards, KPIs and executive‑ready reporting that highlight risk reduction, support our maturity toward CTEM, and strengthen our Exposure Management model.

You’ll ensure alignment with security policies, standards and regulatory requirements, while maintaining and enhancing incident response plans, documentation, risk assessments and remediation records. You’ll also play an active role in training and awareness to promote strong security hygiene across the organisation.

To succeed, you’ll bring relevant experience in vulnerability management, risk analysis and incident response, supported by certifications such as CISSP or CISM, plus a degree or equivalent experience in Information Security, Computer Science or a related field.

If you’re excited by transforming vulnerability management into something smarter, faster, and genuinely risk‑driven — we want to hear from you.

Apply today and help us shape the future of Exposure Management at Specsavers.

This role closes on 27 March; however, we may close the advert sooner if we get a high volume of applications. So don’t delay your application, apply now – you’ll be glad you did.