Millicom (Tigo)

Vulnerability Management Expert

Millicom (Tigo)  •  Panamá, PA (Onsite)  •  4 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

Would you like to help us achieve our purpose of connecting more people, improve their lives and develop our communities? If so, Tigo is for you!

We believe in innovation, we adapt and are agents of change. Our customers are at the center of everything we do.

Come and grow with our team, where together we will transform lives and communities. Additionally, you will have the opportunity to participate in challenging projects and bring your innovative ideas.

This is your opportunity, come and be part of Sangre Tigo!

Apply right now!

Vulnerability Management Expert

JOB PURPOSE

You will be an integral part of Millicom’s Group Information Security team, a team which aims to protect the company assets from unauthorized access, loss or leakage. You will be responsible for managing the Vulnerability Management process.

The Vulnerability Management Expert leads the implementation and continuous improvement of the process that identifies all vulnerabilities within the infrastructure and applications, provide an overview of the Company’s security risks and threats, define and prioritize appropriate remediation. This position requires strong technical knowledge and experience with hardware, software, network, and application security vulnerabilities analysis. It also requires excellent communication, organization and leadership skills and coordination with local and remote teams to guide them and ensure alignment of the vulnerability management local processes with the global policy.

THE WAY WE WORK

You are open-minded, passionate and the way you work energizes others. You are committed to the timely delivery of a job well done. You behave with integrity and transparency.

The current position will have the following responsibilities:

  • Define the appropriate methodology and procedures to ensure a tailored and functional vulnerability management process is in place, in alignment with the Information Security strategy and objectives and based on industry best practices.
  • Define a risk-based vulnerability management and penetration testing processes , providing guidelines to prioritize remediations, effectively reducing the Company’s exposure to threats and the likelihood of being impacted by a security incident.
  • Lead and support the standardization of the vulnerability management process.
  • Develop and track key performance indicators (KPIs) related to vulnerability management and penetration testing, to provide global risks visibility, benchmark and further enhance capabilities.
  • Provide visibility to high level executives, at group and local levels, on vulnerability management and penetration testing processes performance regarding scope coverage, remediation progress and prioritization, risk status, etc.
  • Manage and maintain the relationship with vendors and third parties involved in vulnerability management and penetration testing processes, maximizing the benefits of the service to support its evolution and improvement.
  • Build a collaborative communication with threat intelligence, threat hunting and monitoring, detection, and response process owners to ensure outcomes from vulnerabilities risk evaluation and remediation progress feed these processes and vice versa, promoting permanent improvement and evolution of the vulnerability management process.
  • Act as an advisor and partner to both Millicom and third parties regarding security vulnerabilities; work collaboratively with impacted parties to provide recommendations.
  • Partner with in-country leaders to ensure all aspects of vulnerability management and remediation are in place and functioning at a high level, in compliance with global policies and standards.
  • Partner with peers in the group and local teams to ensure all detected events or incidents are investigated, tracked, and mitigated in a consistent, timely manner.

The role is part of the Group Information Security team, reporting directly to the Group Information Security Director The role will have interfaces with numerous stakeholders at group and local levels, within and out the Information Security teams.

The role will be based at any of the countries where we operate. International travel may be required.

QUALIFICATIONS AND EXPERIENCE

  • Minimum of 10 years relevant experience in developing and managing information technology and security risk and compliance programs in a mid to large-scale enterprise environments, and at least 3 years in a management role leading a technical team, preferably in a SOC environment.
  • Master’s degree in relevant discipline (IT, Cyber Security).
  • Qualified Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), or equivalent professional qualification.
  • Experience of working in a complex multinational and multicultural corporate environment.
  • Understanding of global business and systems during previous roles in central IT functions and/or business units.
  • Ability to absorb new information and assess processes using a risk and control-based approach.
  • Telecom’s and Technology experience are highly desirable as is experience working in emerging markets.

ESSENTIAL KNOWLEDGE

Required technical skills and experience

  • Detailed understanding and strong technical knowledge of cyber security matters, development and integration, vulnerability management, threat analysis and incident response (incl. MITRE ATT&CK), penetration testing / ethical hacking, data analytics and reporting.
  • Strong knowledge in IT controls, risk assessments, design and testing of security measures.
  • Experience with digital environments, mobile and web applications, service-oriented architectures, etc.
  • Strong knowledge of core IP networking and common protocols.
  • Strong understanding of Windows and Linux internals.
  • Hands on experience with vulnerability management tools.
  • Experience and clear understanding of vulnerability scan reports, vulnerabilities analysis and technical recommendations for an effective and practical remediation.
  • Mixed skillset covering both offensive and defensive security.
  • Basic development and scripting skills.
  • Experience with modern offensive techniques and APT TTP's (tools, tactics, and techniques).

You will be required to demonstrate your ability to enable process change and how you have personally implemented or improved monitoring, detection, and response practices in your previous experiences.

Communication, leadership, and people skills

  • Excellent verbal, presentation, and written skills – fluent English, Spanish is a must.
  • Professionally skeptical mindset with ability to probe and challenge management information.
  • Root cause analysis - understanding an issue or complex problem and the key drivers behind it.
  • Solution oriented – partnering with subject matter experts (e.g., system and process owners) to articulate potential risks and defining detailed action plans to address identified vulnerabilities.
  • Business partnering mindset with ability to support and manage improvement will also holding stakeholders to account in relation to delivery timelines.
  • Tenacity, commitment and personal drive to deliver whatever it takes.
  • Agile and responsive, with proven track record of fast, accurate delivery to deadlines.
  • Ability to judge when to support, when to intervene and when to escalate.
  • Attention to detail, and consistently demonstrate integrity and professionalism.
  • Take ownership of the process and drive changes throughout the organization without hierarchical authority.

Management skills

  • Stakeholder management – ability to challenge and influence key stakeholders.
  • Cross functional engagement – proactive engagement with peers across corporate functions, partnering with colleagues across the regional and local teams including IT functions, Network function, Risks and Controls, and with external consultants.
  • Ability to work autonomously, effectively manage competing priorities and drive multiple concurrent workstreams.
  • Strong analytical and problem-solving skills.
  • Strong project management skills.

We are a leading multinational company of mobile services, internet and cable television that is present in Latin America and we are the leading telecommunications company in Panama. In Latin America, Tigo has been recognized for several years in the "Great Place to Work" ranking as an excellent company to work for. Our people are our most precious asset. Tigo Panama directly employs more than 2,500 people nationwide and offers internal growth opportunities to its staff. We have a firm purpose that moves us and unites all of us who work in the company: "To build the largest digital network to connect Panamanians by developing the communities we serve and improving their quality of life." Sangre Tigo runs through our veins, we are proud of our company and its history, we are innovative, we are passionate, we live to improve our communities and our clients are at the center of everything we do. We invite you to be part of our Tigo family!

Millicom | Tigo is proud to be an Equal Employment Opportunity employer committed to a diverse workforce and nondiscrimination policy in all aspects of employment. We provide equal opportunity and access for all persons, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a disabled veteran or other protected veteran, or any other protected characteristic, in all phases of the employment process and in compliance with applicable federal, state, and local laws and regulations.

Millicom (Tigo)

About Millicom (Tigo)

Millicom (NASDAQ U.S.: TIGO, Nasdaq) is a leading provider of fixed and mobile telecommunications services in Latin America. Through our TIGO® and Tigo Business® brands, we provide a wide range of digital services and products, including TIGO Money for mobile financial services, TIGO Sports for local entertainment, TIGO ONEtv for pay TV, high-speed data, voice, and business-to-business solutions such as cloud and security.

Millicom (NASDAQ U.S.: TIGO) is a leading provider of fixed and mobile telecommunications services in Latin America. Through our TIGO® and Tigo Business® brands, we provide a wide range of digital services and products, including TIGO Money for mobile financial services, TIGO Sports for local entertainment, TIGO ONEtv for pay TV, high-speed data, voice, and business-to-business solutions such as cloud and security. As of March 31, 2025, Millicom, including its Honduras Joint Venture, employed approximately 14,000 people, and provided mobile and fiber-cable services through its digital highways to more than 46 million customers, with a fiber-cable footprint over 14 million homes passed. Founded in 1990, Millicom International Cellular S.A. is headquartered in Luxembourg.

Join us:

www.millicom.com

Twitter: @Millicom.

Instagram: @millicom.

Facebook: @millicom.

YouTube: Millicom International.

148-150, Boulevard de la Pétrusse

L-2330, Luxembourg

Industry
Telecommunications
Company Size
10,000+ employees
Headquarters
Luxembourg, LU
Year Founded
1992
Social Media