- Own Bridgewater’s vulnerability and exposure management program from detection through remediation and risk acceptance.
- Define what “matters” from a vulnerability perspective and continuously refine that bar.
- Validate vulnerabilities through technical analysis and, where appropriate, hands-on exploitation.
- Apply a consistent risk methodology that accounts for asset criticality, data sensitivity, exposure (internal vs. external), exploitability, attacker prerequisites, and compensating controls.
- Convert raw findings into prioritized, decision-relevant outputs aligned to enterprise risk.
- Clearly articulate why a vulnerability is critical, acceptable, or noise.
- Work directly with application and service owners to drive remediation of high-impact issues.
- Build trust by providing clear logic, not mandates, and by respecting engineering realities.
- Provide Detection & Response teams with context and prioritization guidance for zero-days and emerging threats.
- Support response efforts without owning real-time containment or incident handling.