Security & Risk Management Program Manager

LexisNexis

Security & Risk Management Program Manager at LexisNexis overseeing vulnerability management and risk reduction. Leading cross-functional initiatives and ensuring compliance with audits and regulations.

Posted 6/12/2026full-timeHorsham • Pennsylvania • 🇺🇸 United StatesMid-LevelSenior💰 $95,300 - $158,800 per yearWebsite

Tech Stack

Tools & technologies

Cloud

About the role

Key responsibilities & impact

Own and evolve the enterprise vulnerability management program, including governance, operating model, and stakeholder alignment
Define and execute an integrated roadmap for vulnerability management and security risk reduction initiatives
Establish accountability, SLAs, and execution standards across security, engineering, and infrastructure teams
Lead cross-functional risk reduction initiatives; manage timelines, dependencies, and escalation to ensure delivery
Drive prioritization based on risk exposure, business impact, and regulatory requirements
Align security, infrastructure, cloud, and application teams on remediation and risk reduction priorities
Lead risk acceptance and exception processes, including analysis, approvals, and lifecycle management
Maintain risk registers, treatment plans, and exception tracking aligned to business and compliance objectives
Ensure appropriate risk segmentation across commercial and government environments
Translate vulnerability and risk data into actionable insights for leadership decision-making
Deliver executive-level reporting on risk posture, remediation performance, and program progress
Define and track metrics to measure risk reduction effectiveness and execution performance
Ensure audit readiness through complete, traceable documentation and remediation evidence
Support regulatory and government requirements, including POA&M tracking and control validation
Partner with GRC and audit stakeholders to meet contractual and compliance obligations

Requirements

What you’ll need

Strong program management experience leading complex, cross-functional initiatives.
Experience in information security, such as vulnerability management, risk management, GRC, or security operations.
Understanding of vulnerability management lifecycle processes, including asset discovery, scanning, validation, prioritization, remediation, exception handling, and reporting.
Proven ability to lead risk reduction or remediation initiatives across multiple technical teams.
Experience developing executive reporting, metrics, risk records, meeting outputs, and audit artifact and risk summaries.
Strong stakeholder management and communication skills across technical and business audiences.
Experience supporting audits, compliance reviews, evidence collection, or control validation activities.
Familiarity with vulnerability severity models, CVSS, exploitability, asset criticality, exposure, compensating controls, and risk-based prioritization.

Benefits

Comp & perks

Health Benefits: Comprehensive, multi-carrier program for medical, dental and vision benefits
Retirement Benefits: 401(k) with match and an Employee Share Purchase Plan
Wellbeing: Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs
Short-and-Long Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity
Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits
Health Savings, Health Care, Dependent Care and Commuter Spending Accounts
Up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

vulnerability managementrisk managementGRCsecurity operationsasset discoveryscanningvalidationremediationexception handlingreporting

Soft Skills

program managementstakeholder managementcommunicationleadershipcross-functional collaborationrisk prioritizationexecutive reportingmetrics developmentaudit readinessdecision-making