Asset and Configuration Management Lead at ServiceNow

Program Manager, Vulnerability and Patch Management

A subject matter expert responsible for managing, leading, implementing, and execution of the operational vulnerability and patch management program. Key Responsibilities:

• Identify and manage enterprise-wide vulnerabilities and be familiar with scanning solutions like Rapid 7
• Analyze vulnerability data (CVSS, EPSS scores, threat intelligence feeds, etc.) to develop prioritized patching remediation plans
• Maintain asset classification and risk-tier mapping to drive vulnerability prioritization based on criticality
• Provide knowledge of operational configuration and tuning of vulnerability scanning and reporting tools, including credentialed scans and API integrations
• Participate in the design and implementation of structured patch management processes for Windows, Linux, MacOS, Network devices, and third-party applications
• Coordinate patch validation, pilot rollouts, production deployment windows, and rollback procedures
• Implement and monitor SLA/KPI compliance for critical, high, and medium-risk patches based on business risk tolerance
• Determine feasibility to automate patch pipelines whenever possible using best practice solutions
• Continuously evaluate and improve scan frequencies, patch cycles, and reporting quality
• Drive integration between vulnerability management platforms like CMDB, SIEM and ticketing systems like ServiceNow and JIRA
• Contribute to threat modeling and attack surface reduction initiatives
• Maintain and track vulnerability exceptions, document business justifications, and escalate residual risks as necessary
• Collaborate with IT, Cybersecurity and Risk teams to ensure regulatory patching requirements are satisfied (e.g., CMMC, NIST, PCI-DSS, etc.)
• Prepare metrics and executive-level reporting on vulnerability trends, SLA adherence, threat exposure, and remediation status
• Support internal and external risk assessments, audit engagements related to vulnerability and patch management controls Requirements:
• 5-10 years of progressively increasing responsibility in IT organizations
• Bachelor's degree in information systems, information security, computer science, or business-related field
• Certifications in CISSP, CRISC, CISM, GCWN, PMP, ITIL, or comparable certification
• 2+ years managing or coordinating large-scale IT and security operations projects and programs
• Experience with NIST, PCI DSS, GDPR, CCPA, and SOC frameworks
• Experience in ITIL and/or Process Improvement
• Experience with Governance, Risk, and Compliance (GRC) solutions like: Archer and SNOW
• Excellent analytical, critical thinking, organizational, and communication skills
• Excellent business partnership, verbal and written communication skills
• Strong tactical and strategic thinking, analysis and problem-solving skills
• Proven ability to successfully juggle multiple priorities and willing to shift direction quickly when priorities change
• Identify, own and track issues through resolution
• Solid technology management acumen
• Works comfortably in a fast-paced and dynamic environment managing multiple projects About Insight Global:

We are a premier provider of workforce solutions dedicated to helping our clients achieve their goals. Our team is passionate about delivering exceptional service and finding innovative solutions to meet the ever-changing needs of our clients.