Wintrust provides community and commercial banking, specialty finance and wealth management services through its 16 bank charters and nine non-bank businesses. Wintrust delivers the sophisticated solutions of a large bank while staying true to the relationship-focused, personalized service of our community banking roots. We serve clients in all 50 states with more than 200 branch banking locations in Illinois, southwestern Florida, northwestern Indiana, west Michigan and southern Wisconsin and commercial banking offices in Chicago, Denver, Milwaukee, Grand Rapids, Mich., and in key branch banking locations throughout Illinois. Our people are the heart of our business and we are proud to rank consistently as a top place to work. Wintrust is a $66 billion financial institution based in Rosemont, Illinois, and listed on the NASDAQ Global Select Market under the symbol “WTFC.”
Why join us?
An award-winning culture! We are rated a Top Workplace by the Chicago Tribune (past 12 years) and Employee Recommended award by the Globe & Mail (past 6 years)
Competitive pay and discretionary or incentive bonus eligible
Comprehensive benefit package including medical, dental, vision, life, a 401k plan with a generous company match and tuition reimbursement to name a few
Promote from within culture
Why join this team?
This position has the opportunity to interface with and have a positive impact on multiple areas of Wintrust's business
We hold ourselves accountable to high standards, share wins, operate ethically, and have fun
Position Overview
Wintrust Financial is seeking a highly experienced Senior Manager of Threat Management within its Cybersecurity organization. This leader will be responsible for oversight of Application Security and Vulnerability Management as distinct teams, and of third-party network/application penetration testing as an incumbent function of both programs.
This role will report directly to the VP of Security Engineering and Threat Management. This senior leadership role is responsible for the oversight and continuous advancement of maturity across three core functions within Threat Management: Secure Development, Security Testing and Scanning, and Remediation Consulting. The position focuses on embedding security into the software development lifecycle, strengthening vulnerability identification and prioritization processes, and delivering expert guidance on remediation to mitigate risks in alignment with financial services regulatory requirements and industry best practices.
The successful candidate will bring 7–10 years of progressive experience in cybersecurity, with demonstrated expertise in leading and managing application security, threat management, or vulnerability programs.
Experience implementing guardrails and controls for use of LLMs within the software development lifecycle or AI in any automation capacity is considered a plus. Programmatic use or incorporation of AI/LLMs is encouraged as part of future state program strategy.
What You’ll Do
Oversight and advancement of Secure Development practices, including SAST, DAST, SCA, IaC, API security, Threat Modeling, and integration into the Secure Development Lifecycle (SDLC)
Establish a 'Security Champions' program and lead tailored secure-code training initiatives to reduce recurring vulnerability patterns and foster a security-first culture among engineering teams
Develop and enforce enterprise application security standards and secure coding guidelines to corresponding application development and DevOps teams
Leadership of Security Testing and Scanning activities, encompassing Vulnerability Identification and Discovery, Risk Evaluation and Prioritization (using frameworks such as CVSSv3), Security Control Verification, Scan Operations, and Offensive Penetration Testing
Direct the execution of continuous security scanning and periodic penetration testing programs, ensuring comprehensive visibility into the external attack surface and internal infrastructure
Consulting services, including Patching guidance and governance, code refactoring, Configuration hardening, verification, and fix validation
Develop a repeatable process for ingesting and normalizing third-party penetration test findings and coordinating with IT leaders on remediation expectations and minimizing risk tolerance incurrence
Qualifications
Bachelor’s degree or equivalent experience
7-10 years of related experience
Strategic program leadership experience with cross-functional collaboration with development, engineering, and business teams as well as the delivery of measurable improvements in the overall security posture
Strong communication and technical literacy around attack paths and vulnerability processes
CISSP, CSSLP, CISM, OSCP, GPEN, GWAPT or equivalent highly desirable
Benefits
Medical Insurance • Dental • Vision • Life insurance • Accidental death and dismemberment • Short-term and long-term Disability Insurance • Parental Leave • Employee Assistance Program (EAP) • Traditional and Roth 401(k) with company match • Flexible Spending Account (FSA) • Employee Stock Purchase Plan at 5% discount • Critical Illness Insurance • Accident Insurance • Transportation and Commuting Benefits • Banking Benefits • Pet Insurance
Compensation
The estimated salary range for this role is $158,000.00 - $199,000.00, along with eligibility to earn an annual bonus. Actual salaries may vary based on several factors, such as a candidate’s qualifications, skills and experience.
From our first day in business, Wintrust has been proud to serve a variety of unique communities and people from all walks of life. To build a company that reflects the communities we serve, we believe that fostering a unique and inclusive workplace where everyone feels valued and empowered to succeed will support our ongoing success. Wintrust Financial Corporation, including community banking and financial services subsidiaries, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information, and other legally protected categories.