We have an exciting opportunity for a Vulnerability Manager to join our award-winning Business Change and Technology team on a 12-month Fixed Term contract. Reporting into the Information Security Manager you will be responsible for managing, maintaining, and continuously improving the vulnerability management programme across our technology estate. This includes the identification, assessment, prioritisation, and remediation tracking of security vulnerabilities across on-premises systems, cloud environments, networks, applications, and endpoint devices.

This role will ensure our technology environment remains secure, resilient, and aligned with internal security policies, legal and regulatory requirements, and industry best practice.

Here at Mitchells & Butlers, we own and run more than 1,600 pubs, bars and restaurants including the stylish All Bar One brand, legendary Miller & Carter steakhouses, and the iconic Toby Carvery, alongside our Mediterranean Brands Ego & Pesto.  We are Mitchells & Butlers, and we set the industry standard within hospitality. 

   You will be well rewarded: 

• Working 35 hours per week, Monday to Friday, with flexibility around your personal commitments.
• 33% off at all our brands, including our hotels. Whether it’s date night at Miller & Carter or a family roast at Toby Carvery, we’ve got you covered.
• A pension that pays, where we’ll more than match your contributions (x1.5 of your contributions, up to a maximum of 5% of your salary).
• Private healthcare, dental plan, cycle-to-work, and keep-fit schemes.
• 26 days annual leave plus bank holidays.

The Opportunity – Vulnerability Manager:

Vulnerability Management & Analysis

• Lead the end-to-end vulnerability management lifecycle, including discovery, scanning, validation, prioritisation, reporting, and remediation tracking.
• Operate and optimise M&B’s vulnerability scanning platforms (e.g. Microsoft Defender Vulnerability Management, Edgescan, or equivalent).
• Conduct regular internal and external vulnerability assessments across infrastructure, applications, and cloud environments.
• Validate and analyse vulnerability data, ensuring findings are accurate, contextualised, and relevant to M&B’s operational environment.
• Identify and assess critical vulnerabilities and zero-day threats, determining when issues require an expedited remediation.
• Assess vulnerability severity in the context of real-world exploitability, considering threat intelligence, exposure, asset criticality, and compensating controls.
• Maintain a defensible view of which vulnerabilities are exploitable versus non-exploitable, clearly documenting risk decisions and rationale.
• Assess potential business risks based on exploitability, criticality, asset value, and threat intelligence.

Remediation Coordination

• Collaborate with internal technical teams and managed service providers to ensure vulnerabilities are remediated within agreed SLAs aligned to M&B’s risk appetite.
• Develop remediation plans, monitor progress, and escalate high-risk issues where necessary.
• Support patch governance activities, ensuring patch cycles and emergency patches meet M&B security requirements.

Security Governance & Compliance

• Ensure vulnerability management activities align with M&B’s Information Security policies, standards, and operational procedures.
• Support compliance with GDPR, PCI DSS, and other relevant frameworks.
• Produce monthly and quarterly vulnerability risk reports, dashboards, and KPIs for management and relevant stakeholders.
• Provide evidence and reporting for internal and external audits, penetration tests, and regulatory reviews.

Threat Intelligence & Continuous Improvement

• Integrate threat intelligence to focus remediation on actively exploited or high-risk vulnerabilities.
• Recommend improvements to tools, processes, automation, and reporting to enhance programme maturity.
• Stay updated on emerging vulnerabilities, zero-days, and relevant vendor advisories affecting hospitality and retail systems.
• Support incident response teams when vulnerabilities are linked to potential security events.

What you’ll need to bring to this Vulnerability Manager role:

• Proven experience in vulnerability management, cyber security operations, or technical security roles.
• Solid knowledge of cloud platforms (Azure), operating systems (Windows, Linux), networks, and common enterprise technologies.
• Familiarity with CVSS scoring, exploit analysis, and risk-based prioritisation.
• Experience working within large, distributed enterprise environments.
• Understanding of PCI DSS requirements relevant to a hospitality environment.
• Knowledge of SIEM, SOAR, EDR, and related security tooling.
• Ability to analyse large datasets and produce executive-level reporting with clear risk narratives.
• Experience supporting incident response and forensic investigations.
• Strong stakeholder management and communication skills, capable of influencing technical and non-technical teams.
• Understanding of patch management processes and operational constraints in business-critical environments.
• The ability to think laterally and constructively question established process.
• Able to manage multiple concurrent or competing demands.
• Confident and able to say no where appropriate.
• Positively collaborates with stakeholders to find reasonable and pragmatic solutions to issues.

Qualifications:

• Minimum of 3 years of hands-on experience in vulnerability management, cyber security operations, or a related technical security role.
• Demonstrable understanding of security principles, standards, and methodologies
• One or more of CISM, CISSP, CEH, CompTIA Security+, CompTIA CySA+, GIAC GVMS preferred.

What makes Mitchells & Butlers a great place to work?  

To us, a career isn’t just about ‘clocking in’. We really care about our colleagues, and we’re an employer that keeps a promise. In fact, as one of the largest employers in the country, with over 44,000 people working for us, we have the responsibility of valuing every contribution from a diverse workforce that are representative of our guests, and who make us stronger.  

At M&B we value the unique perspectives each person brings. We believe that by fostering a culture of inclusion, respect, and allyship, we create a sense of belonging, engagement and teamwork which are essential to delivering great guest experiences. Join us and be a part of a great team. 

Closing date: Wednesday 11th February 2026 at 11:59pm