Head of Security Testing and Vulnerability Management

Head of Security Testing and Vulnerability Management

We’re the world’s leading data, insights, and consulting company; we shape the brands of tomorrow by better understanding people everywhere.

The Head of Security Testing and Vulnerability Management will lead the enterprise-wide strategy and execution for security testing, vulnerability assessment, and remediation programs. This role ensures the organisation maintains a robust security posture by proactively identifying, assessing, and mitigating vulnerabilities across infrastructure, applications, and cloud environments.

Define and implement a global security testing and vulnerability management strategy aligned with enterprise risk objectives.

Establish governance frameworks, KPIs, and reporting mechanisms for security testing and vulnerability management.

Oversee penetration testing, red teaming, and application security testing programs.

Manage vulnerability scanning, prioritisation, and remediation workflows across all technology stacks.

Ensure timely patching and mitigation of critical vulnerabilities in collaboration with IT, engineering teams and wider business units.

Align vulnerability management practices with regulatory requirements (e.g., ISO 27001, NIST, CIS).

Provide executive level reporting on risk exposure and remediation progress.

Drive automation and integration of vulnerability management tools into CI/CD pipelines.

Stay ahead of emerging threats and testing methodologies to enhance security resilience.

Build and lead a team of security testing and vulnerability management professionals.

Foster a culture of accountability, collaboration, and continuous learning.

Proven experience in leading global security testing and vulnerability management programs.

Strong knowledge of penetration testing, vulnerability scanning tools (e.g., Qualys, Microsoft Defender Vulnerability Management, etc), and secure development practices.

Expertise in integration with risk management frameworks.

Excellent team leadership, stakeholder management, and communication skills.

Ability to operate in a complex, multi-regional environment with diverse technology landscapes.

CISSP, OSCP, or equivalent certifications.

Experience with cloud security (Azure) and DevSecOps practices.

Background in large-scale enterprise environments.

Opportunity to shape global security strategy in a high-impact leadership role.

Work with cutting-edge technologies and a world-class cyber security team.

Competitive compensation and benefits package.

Please be aware, the majority of our roles are hybrid, working three days a week in our office.

We’re not able to offer visa sponsorship or help with relocation support for this role. Please make sure you’ve got the right to work in the country where this role is located before applying.

You’ll be joining our technology team, right in the middle of our tech revolution. We’re undergoing the largest technology transformation Kantar has ever seen, investing in new AI and cloud technologies. By modernizing all our tech systems, we can respond our clients' needs faster and more efficiently – and keep Kantar as a market leader for insights.

We shape the brands of tomorrow by better understanding people everywhere. By understanding people, we can understand what drives their decisions, actions, and aspirations on a global scale. And if we combine the expertise of our people with the latest AI technology, we can really help brands discover some amazing insights.

And because we know people, we like to make sure our own people are being looked after as well. Equality of opportunity for everyone is our highest priority and we support our colleagues to work in a way works for them. We encourage applications from all backgrounds and sections of society. Even if you feel like you’re not an exact match, we’d love to receive your application and talk to you about this job or others at Kantar.

At Kantar, the diversity of our employees provides a richer environment for our employees and broader depth and breadth of thinking for our clients. Kantar is committed to inclusion and diversity; therefore, we welcome applications from all sections of society and do not discriminate based on age, race, religion, gender, pregnancy, sexual orientation, gender identity, disability, marital status, or any other legally protected characteristics.

PRIVACY DISCLOSURE: Please note that by applying to this opportunity you consent to the personal data you provide to us to be processed and retained by The Kantar Group Limited (“Kantar”). Your details will be kept on our Internal ATS (Applicant Tracking System) for as long as is necessary for the purposes of recruitment, which may include your details being shared with the hiring manager.