Head of Cyber Threat Exposure and Attack Surface Management

Lead the enterprise-wide Continuous Threat Exposure Management (CTEM) strategy, ensuring that the firm continuously identifies, prioritizes, and mitigates exploitable attack paths across on-prem, cloud, and hybrid environments. The CTEM Lead partners closely with Application Security, Vulnerability Management, Red Team, and Security Operations to deliver a unified mission -- transforming exposure insights into measurable risk reduction and proactive defense.

Accountabilities

• Own and drive the global CTEM strategy, establishing a continuous, threat-driven exposure management lifecycle aligned with NIST, MITRE, and CISA Secure-by-Design principles.

• Lead and develop a high-performing CTEM team, fostering collaboration, technical excellence, and an outcome-driven culture.

• Integrate and oversee key exposure management technologies, including Cloud Security Posture Management (CSPM), SaaS Security Posture Management (SSPM), Attack Surface Management (ASM), Breach & Attack Simulation (BAS), and other exposure correlation platforms.

• Correlate assets, identity, vulnerability, and configuration to identify high-impact, exploitable attack paths and inform prioritized remediation strategies.

• Collaborate with Application Security, Vulnerability Management, Red Team, and Security Operations to synchronize discovery, validation, and remediation of exposures across the enterprise.

• Align CTEM outputs with real-world adversary behaviors, leveraging Red Team and Threat Intelligence input to validate attack paths and focus on exploitable conditions.

• Drive automation and AI-enabled analytics to continuously map, assess, and measure reductions in the organization’s attack surface.

• Translate technical findings into business risk language, enabling senior leadership and risk committees to make data-driven investment decisions.

• Define and lead CTEM governance and operating models, ensuring exposure assessments, validation, and remediation tracking are embedded in operational processes.

• Establish clear KRIs and maturity metrics that demonstrate continuous improvement in visibility, validation, and response effectiveness.

• Partner with architecture and engineering teams to embed proactive exposure management practices earlier in design and delivery pipelines.

• Represent the organization externally, contributing to sector-wide initiatives (FS-ISAC, MITRE Engenuity, etc) to advance exposure management practices across financial services.

Essential Skills / Basic Qualifications

• Experience in cybersecurity with direct exposure to vulnerability management, red teaming, or threat exposure reduction.

• Proven track record leading programs integrating CSPM, SSPM, ASM, BAS, or exposure correlation technologies.

• Strong understanding of attack paths, adversary emulation, and continuous validation concepts.

Desirable skills/Preferred Qualifications:

• Experience in financial services or other regulated sectors.

• Familiarity with MITRE ATT&CK/CTID, CISA Secure-by-Design, NIST CSF 2.0/CRI Profile, and DORA/FFIEC exposure frameworks.

• Experience with cloud environments (AWS, Azure, GCP) and hybrid infrastructure exposure management.

• Understanding of vulnerability exploitability scoring (EPSS, CVSSv4) and exposure correlation methods.

• Advanced degree or certifications such as CISSP, OSCP, or GCP/Azure security specialist.

• Demonstrated ability to build data-driven dashboards for exposure visibility and remediation governance.

Purpose of the role

To keep our customers, clients, and colleagues safe by identifying cyber-vulnerabilities across the Bank, using a risk-based approach to prioritise them, and to drive effective remediation activity. 

Accountabilities

• Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host.

• Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment.

• Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affect business units using reports and dashboards and provide recommendations for improvement in vulnerability management practices.

• Collaboration with Threat intelligence and Cyber Operations teams to assess and contextualise exposure to latest threat trends and exploits and set appropriate remediation timescales.

• Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications.

• Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators.

Director Expectations

• To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide..
• They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an individual contributor, they lead organisation wide projects and act as deep technical expert and thought leader, identifying new ways of working and collaborating cross functionally. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions..
• Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives.
• Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function.
• Escalates breaches of policies / procedure appropriately.
• Foster and guide compliance, ensure regulations are observed that relevant processes in place to facilitate adherence.
• Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate.
• Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives.
• Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives.
• Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex/ sensitive situations.
• Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area.
• Negotiate with and influence stakeholders at a senior level both internally and externally.
• Act as principal contact point for key clients and counterparts in other functions/ businesses divisions.
• Mandated as a spokesperson for the function and business division.

All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.