Vulnerability Manager

Tech Talent International (SI) supplies technical talent to a variety of clients ranging from Fortune 100/500/1000 companies to small and mid-sized organizations in Canada/US and Europe.

We currently have acontract role as a Vulnerability Manager with our large consulting client on a long term project with a major financial services client in the downtown Montreal area.

Role: Vulnerability Manager

Type: Contract

Duration: 12 months to start + potential extension

Location: Downtown Montreal, QC - Hybrid (roles starts off 5 days in office for 1st 3 months, then turns into hybrid setup 3 days onsite, 2 days from home)

Rate: C2C - $70 - $75/hr depending on overall experience and expectations

Position Overview 

The Vulnerability Manager will lead the IT Infrastructure Cybersecurity Operations team, overseeing the enterprise-wide vulnerability remediation program for CA-CIB's infrastructure environment. This role bridges the Information Security team and IT Infrastructure platform teams, ensuring timely remediation of vulnerabilities across servers, networks, databases, and virtualization infrastructure while maintaining executive visibility through regular reporting. 

Key Responsibilities 

Infrastructure Vulnerability Remediation Management 

• Lead remediation efforts for vulnerabilities across IT Infrastructure domains. 
• Track vulnerabilities from Tenable, penetration testing, security assessments, and threat intelligence feeds 
• Monitor remediation progress against established SLA deadlines 
• Engage proactively with Infrastructure, Network, Database, and Virtualization teams to ensure timely closure 
• Maintain comprehensive dashboards and metrics on vulnerability remediation status 

Stakeholder Management & Reporting 

• Present monthly vulnerability management reports to IT Infrastructure Management Steering Committee and CISO office 
• Provide executive insights on remediation trends, infrastructure risk exposure, and program effectiveness 
• Escalate critical infrastructure vulnerabilities to CTO, Infrastructure Directors, and Risk Management 

Technical Guidance & Infrastructure Support 

• Provide expert guidance on remediation strategies, patching approaches, and configuration hardening 
• Troubleshoot complex remediation scenarios involving legacy systems, business-critical infrastructure, or technical dependencies 
• Recommend best practices for infrastructure vulnerability mitigation aligned with banking industry standards 
• Advise on patch management strategies balancing security requirements with infrastructure stability 

Risk Acceptance & Control Validation 

• Review and validate risk acceptance requests when immediate remediation is not feasible due to business criticality, legacy constraints, vendor limitations, or complex dependencies 
• Assess adequacy of proposed compensating controls (network segmentation, access controls, monitoring) 
• Guide teams in developing robust compensating controls that effectively reduce risk exposure 
• Ensure risk acceptance documentation meets CA-CIB governance, regulatory, and compliance requirements. 

Program Leadership & Governance 

• Drive continuous improvement of the infrastructure vulnerability management program 
• Develop and maintain vulnerability management policies, procedures, and workflows aligned with CA-CIB IT governance 
• Foster collaboration between Information Security and IT Infrastructure teams 
• Support regulatory examinations and audits related to infrastructure security 

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Information Security, or related field 
• 7+ years of experience in IT infrastructure security, cybersecurity operations, or vulnerability management within banking or financial services 
• 3+ years in a leadership or management role 
• Strong understanding of vulnerability assessment tools (Tenable/Nessus) and infrastructure scanning methodologies
• Experience with risk management frameworks and control validation in regulated environments 
• Proven ability to communicate technical infrastructure security concepts to executive audiences 
• Understanding of banking regulatory requirements and IT risk management 

Preferred Qualifications 

• Relevant certifications: CISSP, CISM, or similar 
• Experience with vulnerability management platforms and ITSM systems (ServiceNow) 
• Background in both information security and IT infrastructure operations 
• Experience working in large, complex banking IT environments
• English (mandatory), French language skills (preferred) 

Key Competencies 

• Strong analytical and problem-solving skills with infrastructure focus 
• Excellent communication and presentation abilities in English 
• Proactive and results-oriented mindset with ability to work under regulatory pressure 
• Ability to influence infrastructure teams without direct authority 
• Strategic thinking with attention to operational detail and business impact 
• Stakeholder management and negotiation skills across technical and business functions 
• Ability to balance security requirements with business continuity and operational resilience 

Working Environment 

• Location: downtown Montreal, Quebec 
• Working from home on a voluntary basis for up to 2 days per week after 3 months of joining 
• Collaboration with global IT Infrastructure and Security teams 
• Exposure to senior IT and Risk leadership 

Other: 

Calendar: this role follows statutory holidays of USA 

Term: 12 months + extensions

Target Start Date: ASAP