About BDO
BDO is the leading mid-tier professional services provider globally. In 2024, we recorded global revenues of over US$15 billion across our core service lines - Audit & Assurance, Tax, Advisory, and Business Services & Outsourcing. With a worldwide community of over 119k professionals operating in 166 countries and territories, we’re dedicated to helping our clients navigate complex financial and strategic challenges, aligned to our core purpose ‘People helping people.’
More information about BDO can be found on www.bdo.global.
Why join us?
A great place to work
Building a thriving global team is an essential pillar of our bold new vision, ‘Global solutions. Driven to be the best.’, so it’s no surprise that our offices around the world are regularly recognised with awards and accolades. We’re a people-powered business, with a diverse, dynamic and inclusive international team who are committed to excellence, innovation, and integrity.
Professional growth
Our collaborative, international environment fosters professional growth and development, to ensure that all our people thrive. We’re committed to transferring and sharing resources, knowledge, skills, and experience across our organisation, and our Global Mobility Programme provides the gateway to a whole world of opportunities.
Make a difference
We believe businesses have both an economic imperative and an ethical responsibility to contribute to a more sustainable and equitable world. In 2021, we committed to achieving net-zero carbon emissions by 2050 or sooner. As part of our global sustainability efforts, we continue to integrate responsible practices into our operations and work with clients to support their own net-zero journeys. In addition, we’re proud to support thousands of colleagues around the globe to ‘give back’ in the communities in which we operate.
Position: Exposure Management Specialist
The Exposure Management Specialist is responsible for operationalising the Continuous Threat Exposure Management (CTEM) process across BDO Global’s environment. This role integrates vulnerability management, threat intelligence, and asset inventories, ensuring risk-based prioritisation and remediation of exposures. The specialist drives governance, automation, and continuous improvement, embedding secure-by-design principles and aligning with BDO Global’s ISMS, Zero Trust architecture, and regulatory obligations (ISO 27001, GDPR, SOC 2). The role includes overseeing the exposure management lifecycle, collaborating with stakeholders, and ensuring continuous improvement and audit readiness.
Key accountabilities:
CTEM Process Establishment and Maintenance:
- Lead the end-to-end exposure management lifecycle: define scope, integrate with enterprise workflows, operationalise continuous assessments, and optimise through automation and AI-driven prioritisation.
- Embed CTEM within NIST CSF 2.0 functions (Identify, Protect, Detect, Respond, Recover, Govern).
- Ensure alignment with BDO Global’s risk governance and compliance frameworks.
Vulnerability Management Coordination:
- Oversee vulnerability identification, risk assessment, and prioritisation using threat intelligence feeds.
- Ensure that accountability for technical fixes and their assurance remains with the developers rather than with the specialist.
- Maintain and update vulnerability trackers and risk registers in line with ISMS requirements.
Stakeholder Engagement:
- Facilitate collaboration with SOC, Incident Response, Governance, Risk & Compliance, and Engineering teams.
- Drive integration of exposure management into operational processes and audit readiness.
Remediation Oversight:
- Track remediation progress and validate developer-provided fixes through automated testing and penetration simulation.
- Escalate unresolved issues and approve or recommend exceptions where necessary.
- Drive a reduction in exploitable exposures and measure remediation velocity.
Process Improvement:
- Identify inefficiencies (e.g., unclear roles, outdated foundations) and implement continuous improvement loops using KPIs and lessons learned.
- Recommend tooling upgrades and resource allocation for exposure management maturity.
Awareness & Training:
- Promote secure-by-design and DevSecOps practices across development teams.
- Advocate for dedicated vulnerability management resources and AI support as needed.
Qualifications
- A Bachelor's degree in Cyber Security, Information Technology, Computer Science, or related field, or equivalent work experience.
- Certifications in security, vulnerability management, or information management (e.g., CISSP, CISM, CompTIA Security+, ISO 27001 Lead Implementer) are well regarded.
- Experience in vulnerability management, risk assessment, or security operations, with a focus on CTEM and exposure management.
- Demonstrated experience in implementing and maintaining vulnerability management and exposure management systems.
- Proven track record of developing and executing operational plans that align with organisational goals and regulatory requirements.
- Experience in collaborating with stakeholders at various levels of the organisation to integrate operational requirements into security processes.
- Experience with custom applications within complex enterprise environments.
- Strong understanding of security standards, frameworks, and best practices (NIST CSF 2.0, ISO 27001, ITIL v4, GDPR, SOC 2).
- Experience with automation platforms and AI-driven risk analysis.
Experience & Skills
- Ability to prioritise and execute tasks based on company objectives.
- Ability to comprehend and independently carry out the tasks implied by each request.
- Proactive and timely response to problems.
- Ability to apply both structured problem-solving and lateral thinking when addressing issues.
- Experience managing operational KPIs and driving efficiencies within IT support services.
- Demonstrates leadership, teamwork, problem solving, initiative, proactiveness, and integrity.
- Ability to translate technical concepts into business-focused explanations and understand business impact.
- Proven experience managing multiple concurrent tasks and assignments.
- Experience collaborating with multiple teams across different global regions to resolve complex IT issues.
- Ability to balance priorities among competing needs while providing high value to the organisation.
- Strong negotiation and dispute-resolution skills.
- Excellent interpersonal and written communication skills, with the ability to influence and guide team members.
Knowledge
- In-depth knowledge of CTEM, vulnerability management, and exposure management principles, practices, and methodologies.
- Understanding of relevant regulations and compliance requirements related to information security, data privacy, and risk management (e.g., GDPR, SOC 2, ISO 27001).
- Familiarity with emerging trends and technologies in exposure management, including automation, attack surface management, and AI/ML applications.
- Knowledge of risk governance frameworks and their application in an organisational context.
Skills and capabilities
- Excellent communication and interpersonal skills, with the ability to work independently and as part of a broad team to spearhead initiatives and deliver organisational outcomes.
- Project and change management skills and/or substantial exposure to project-based work structures.
- Ability to coordinate technical teams and drive accountability.
- Ability to design, review, and revise exposure management systems and practices in line with evolving business and technology requirements.
- Comfort operating in dynamic, evolving, and fast-paced environments with varying business and stakeholder needs.
Key Stakeholders:
The Exposure Management Specialist will work closely with Security Operations, Vulnerability Management Working Group, Project and Development Teams, SOC, Incident Response, Governance, Risk & Compliance, and Engineering teams across BDO Global.
Privacy statement
The BDO network is coordinated by Brussels Worldwide Services BV (BWS). By providing personal information during the application process, you consent to BWS processing your personal data for the purpose of treating your application, evaluating your candidacy, and contacting you about the position for which you have applied. We also may process your personal data to:
- Evaluate you for any open positions throughout the BDO network.
- Generate general statistics.
- Inform you of any other job opportunities.
You also agree that we may share such data with BDO firms and service providers, if relevant to this job application.
BWS does not collect ‘sensitive’ personal information except when voluntarily provided by the candidate as part of the application.
If you voluntarily provide sensitive personal information as part of your application, you consent to the use of that information by BWS for legitimate business purposes and the transfer and storage of such information to and in BWS databases.