Cyber Attack Surface Management Manager

City/State

Norfolk, VA

Work Shift

First (Days)

Overview:

Overview

The ASM Manager leads the Cyber Attack Surface Management function, responsible for assisting with strategy, execution, and continuous improvement of capabilities that reduce the organization’s cyber exposure. This role ensures alignment with enterprise risk priorities and coordinates across security, IT, and business units.

• Define and execute the ASM program strategy, roadmap, and priorities.
• Oversee all ASM functions: threat intelligence, third-party incident management, identity hygiene, vulnerability management, and legacy OS risk tracking.
• Establish governance, processes, and performance metrics.
• Act as primary stakeholder liaison across Security Operations, IT, Risk, and Vendor Management.
• Drive risk-based prioritization and decision-making.
• Present risk posture, trends, and recommendations to senior leadership.
• Ensure integration with CTOC and broader cyber security programs.
  
  
  

Education

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field—or equivalent industry training and certifications. (Preferred)
  
  
  

or

• Experience in lieu of Bachelor’s Degree -7 yrs relevant years’ experience without a degree
  
  
  

Certification/Licensure

• Certification or License (Preferred)- CISSP/ CISM/CRISC/ Vendor/platform certifications related to vulnerability management, cloud security, or threat intelligence are a plus
  
  
  

Experience

• 7 yrs relevant years’ experience without a degree
• 5 years of experience with a degree
• Experience leading or supporting Cyber Attack Surface Management (ASM), vulnerability management, threat intelligence, or cyber exposure management programs.
• Strong hands-on experience coordinating vulnerability remediation efforts and driving risk reduction initiatives across cross-functional teams.
• Experience building, operationalizing, and maturing cybersecurity processes, governance frameworks, and remediation workflows.
• Experience partnering with Security Operations, Infrastructure, Cloud, IAM, Risk, Compliance, and Vendor Management teams in a complex enterprise environment.
• Experience with cybersecurity platforms and tools such as Tenable, Qualys, CrowdStrike, ServiceNow, Microsoft Defender, Palo Alto, or similar technologies.
  
  
  

We provide market-competitive compensation packages, inclusive of base pay, incentives, and benefits. The base pay rate for Full Time employment is:$116,729.60-$216,777.60. Additional compensation may be available for this role such as shift differentials, standby/on-call, overtime, premiums, extra shift incentives, or bonus opportunities.

Benefits: Caring For Your Family and Your Career

• Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to $10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down – $10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met.
  
  
  

Sentara Health is an equal opportunity employer and prides itself on the diversity and inclusiveness of its close to an almost 30,000-member workforce. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.

In support of our mission “to improve health every day,” this is a tobacco-free environment.

For positions that are available as remote work, Sentara Health employs associates in the following states:

Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.