(Senior) Vulnerability Manager (m/f/d)

Welcome to the Information Security team at Fresenius Kabi! We are responsible for protecting the confidentiality, integrity, and availability of Fresenius Kabi’s information and systems. Our mission is to ensure that business operations remain secure, resilient, and compliant with regulatory requirements across all regions.

In your new role as a (Senior) Vulnerability Manager (m/f/d), you will be responsible for the coordination of the end-to-end vulnerability management process, working closely with IT, security, and operational teams to ensure vulnerabilities are identified, assessed, prioritized, and mitigated according to defined policies and timelines. This is a coordinating and process-enforcing role that requires both technical expertise and excellent stakeholder management skills.

We seek team members who bring authenticity, integrity, and the determination to drive meaningful progress toward our cybersecurity goals.

Look forward to a working environment that is both exciting and rewarding. A workplace that sets standards in many ways, while giving us the chance to keep expanding our knowledge and skills.

Your assignments

• Establish and manage a standardized global vulnerability management process – covering validated environments, global applications and medical devices – by integrating inputs from scanners, disclosures, and penetration testing, while aligning with internal processes and defining clear roles and responsibilities.

• Design and implement SLAs and escalation procedures to ensure timely remediation of vulnerabilities and effective stakeholder communication.

• Coordinate and drive the vulnerability management lifecycle (identification, assessment, remediation, exception handling).

• Align with patch management, asset management, and configuration management processes to ensure vulnerabilities are addressed efficiently and consistently across the organization, as well as change management and incident management processes to enable coordinated, secure, and compliant remediation of vulnerabilities.

• Support the refinement and continuous improvement of the vulnerability management process.

• Analyze vulnerability scan results and prioritize based on risk, criticality, and business impact.

• Set up and maintain metrics and dashboards to provide visibility into the vulnerability landscape and remediation progress.

• Participate in internal and external audits as a subject matter expert for vulnerability management.

Your profile

• Bachelor’s degree in computer science, information security, or related field (or equivalent work experience).

• At least 3 years of experience in vulnerability management, operational cybersecurity, or IT security operations in regulated environments (e.g., GxP, KRITIS, NIS2).

• Strong understanding of common vulnerabilities (CVEs, CVSS, exploits) and their potential impact.

• Experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, Claroty) and security platforms, with demonstrated ability to align findings and remediation efforts with established change and incident management processes.

• Understanding of secure configuration standards (e.g., CIS, STIG).

• Familiarity with change and incident management processes as well as good knowledge of change and validation processes in GxP or similarly regulated contexts.

• Familiarity with OT systems, SCADA, or ICS, especially in regulated manufacturing environments.

• Excellent stakeholder management and communication skills with the ability to build strong relationships, coordinate across teams, enforce deadlines, and drive remediation activities.

• Fluent in English (spoken and written); German or another additional language is an advantage.