Position Summary The Vulnerability Management Analyst is responsible for maintaining and executing the Bank s comprehensive vulnerability management program in order to mitigate threats posed in the environment. The position will interact with multiple technology stakeholders in order to facilitate the vulnerability management program, as well as assist in the overall execution of the Bank s security and compliance portfolio. Primary Success Factors The Vulnerability Management Analyst will demonstrate proficiency in: Maintaining and executing the Bank s vulnerability management program to ensure that vulnerabilities are appropriately managed through the lifecycle in order to manage risk for the following process steps: Procedures Maintain and execute associated vulnerability management procedures. Scanning Execute comprehensive vulnerability scanning of the Bank s environment. Triage Evaluate risk of vulnerabilities to ensure that results are accurate and appropriately risk-categorized. Tracking and Reporting Maintain tracking and dashboards to denote risk ratings and target service level agreement goals, including risk acceptance and alternative action plans. Remediation Work with stakeholders to help define remediation plans for vulnerabilities according to established procedures, SLAs and remediation timetables. Validation Execute validation functions to ensure proper closure of the vulnerability. Measurement Maintain metrics relative to vulnerability management for reporting. Maintaining and improving the use of vulnerability management (and similar) software tools to gather information about the Bank s security posture; monitoring compliance with Bank security-hardening standards across all Bank technology platforms. Maintaining knowledge of new security threats, vulnerabilities and industry solutions, as well as security technology trends and advances; advising management on how these threats can affect information assets and providing recommendations for mitigating them. Assisting with third-party security, threat and vulnerability assessment activities. Assisting with the execution of the Bank s security compliance program to ensure adherence to security best practices, regulatory requirements and Bank security policies. Participating on project working teams that introduce new capabilities and technologies to ensure that vulnerability and hardening exposure is managed. Required Experience Bachelor s degree in information systems or related field, or an equivalent combination of education and work experience; industry certification or eligibility preferred (e.g., Security: CISSP, CISA and CRISC; Technical: OWASP) Three to five (or more) years of experience in information security or a combination of information security and IT/IS audit or related discipline Strong knowledge of vulnerability management processes to support external, internal and web application scanning practices Strong working knowledge of vulnerability management toolsets (e.g., Qualys) and all components of the toolset to fully operationalize the vulnerability management lifecycle Strong working knowledge of operational baselines hardening (e.g., CIS Benchmarking) standards Strong working knowledge of web application coding (dynamic) scanning practices Knowledge of security event monitoring and data access governance tools (e.g., Log Rhythm, StealthBits) Strong spreadsheet and data analytic skills (including detail focus and critical thinking) Knowledge of static code analysis tools is a plus Knowledge of data visualization toolsets (e.g., Tableau) is a plus Working knowledge of information security best practices, technology control frameworks (e.g., NIST CSF and COBIT) and information security risk management standards Knowledge of IT service management processes and related control activities in the areas of change management, computer operations, database administration, information security administration, network security, operating system security and web application security Knowledge of current tools/practices for developing and publishing policies, procedures, metrics and other information Strong organizational skills and written and oral communication skills Strong aptitude for technology, an ability to learn quickly, and a desire to solve problems and improve processes

* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.

Launch your career - Upload your resume now!

Upload your resume

Loading some great jobs for you...