Threat and Vulnerability Management Lead

Date: 20-Jun-2021

Location: Cardiff, GB, CF30LT

Company: dwrcymrucy

Job Requisition Number: 1400
Work Type: Permanent
Job Function: IT
Salary Range: £46,321.00 - £56,743.00
Location: Linea

Who we are

Dŵr Cymru Welsh Water keep 3 million people healthy each day with safe, reliable water, and take away wastewater to clean, before returning it safely to our beautiful rivers and seas.

To be able to deliver high quality, essential services which help to protect the health of our customers, colleagues and our environment, we need the right people to deliver on our vision.  This is achieved by living our core values and demonstrating the core behaviours that underpin them.  The security of our people, assets and information is key to us, so we are looking for people who understand and comply with the company’s required security objectives.

We know that the most successful teams are the most diverse teams. Equality, diversity and inclusion provide the very foundation of our culture at Welsh Water. We want every individual to feel confident, proud and able to bring their whole selves to work.

To ensure improved representation in our workforce, applications are particularly welcome from minority groups including Black, Asian and Minority Ethnic people, women, LGBT+ and non-binary people, and people with disabilities. Together we continue to build a workplace that not only celebrates the diverse voices of our colleagues but also represents each customer we serve.

In essence, ours is a company based on trust, openness, respect, commitment and honesty. A company that our colleagues are proud to work for.

What you’ll be responsible for

Reporting to the Security Risk & Governance Manager, the Threat and Vulnerability Management Lead will be responsible for defining and embedding the processes required to identify and evaluate critical vulnerabilities and threats. You will be responsible for reporting on, and overseeing the successful mitigation of, the issues identified. This is expected to be a highly proactive role: acting on initiative to seek out vulnerabilities, keeping track of current events and changes in the technology landscape, and responding appropriately to address risk.

  • Define and embed the forward-looking threat and vulnerability management strategy for the business
  • Define and create the reporting and dashboards needed to enable stakeholders across the business to understand the threat and risk profile
  • Partner with technical and non-technical stakeholders to develop and agree effective mitigation plans for vulnerabilities
  • Establish and lead cross-functional technical teams responding to the highest-risk and most complex vulnerabilities, contributing specialist technical knowledge
  • Understand and stay current with the critical threats faced by the business by continually analysing cyber threat intelligence sources
  • Monitor threat intelligence sources proactively so that any potential exposure of the business is spotted swiftly and the appropriate actions are taken
  • Promote a proactive approach to the changing threat landscape by recommending architectural improvements to the security infrastructure
  • Undertake on-demand vulnerability exposure work for key staff across the organisation
  • Undertake any other duties as outlined by the line manager

Who you’ll work with

Internal: CTO & CISO direct reports, Senior Executives, Technical Operations Managers, Business Application owners, IT System owners

External: UK Government NCSC, Welsh Government, Sector Security Collaboration Groups, IT Outsource partners, Security Outsource partners

About you

These qualifications, experience, knowledge and skills are deemed essential criteria for this role, unless otherwise stated:

  • Excellent knowledge of MITRE ATT&CK, OWASP Top 10, CVSS (Common Vulnerability Scoring System), and CVE
  • Professional certifications such as CEH, OSCP, LPT or GPEN (desirable, not essential)
  • Experience of using Tenable, Qualys, or other best-of-breed vulnerability scanning technologies
  • Experience in a threat and vulnerability management or SOC-related role
  • Experience of penetration testing and vulnerability scanning
  • Experience of managing and developing direct reports

Knowledge & Skills

  • Enthusiastic about putting our customers first every day
  • Good knowledge of the cyber threat landscape, current affairs and geopolitics, and threat actors, and how to apply this knowledge within a CNI-regulated environment
  • Strategic thinker; data-driven and analytical in approach to problem solving
  • Strong team player with the ability to take responsibility and act autonomously
  • Ability to plan, organise and prioritise tasks and projects
  • Ability to interact proactively, professionally and confidently with all levels across the business, including executive management
  • Ability to communicate effectively in Welsh (desirable, not essential)

As well as a market-competitive salary and 25 days annual leave (pro rata), we offer a range of employee benefits including:

  • Variable pay schemes
  • Enhanced employer pension contributions
  • Discounts on gym memberships and high street shopping
  • Cycle to work scheme
  • Car-leasing scheme
  • Health CashBack scheme
  • An employee assistance programme for employees and their immediate family

And many, many more.
Dŵr Cymru Cyf, a limited company registered in Wales No. 2366777. Registered office: Linea, Fortran Road, St. Mellons, Cardiff CF3 0LT

© Dŵr Cymru Cyf 2019.