Vulnerability Management Expert

Key Responsibilities

• Focal point of contact for Vulnerability Management and related topics- a go-to person for consultation regarding the vulnerabilities identified by the tool and guide & assist Infrastructure and Application teams to remediate the vulnerabilities identified under their application/infrastructure scope.
• Person will be responsible preparing the Vulnerability Management Plan and the executes plan through all the phases of Vulnerability Management Lifecycle.
• Ensures that the Vulnerability scans are scheduled, configured in tool and are executed as per the schedule. Any failure of scans is to be investigated and schedule to re-run;
• Conducts periodical discovery of IT Assets and ensures that identified assets are highlighted to CMDB owner for appropriate Asset tagging and also onboards the new asset in Vulnerability Management tool;
• Assess the identified vulnerabilities and study & understand the risk profile, impact as per environmental context;
• Lead the discussions with Infrastructure and Application teams and advise them the relevance of vulnerability and help them understand the impact;
• Understand the false positives reported and the technical limitations of the environment and facilitate the process of Risk Acceptance.
• Collaborate with Infrastructure teams- Windows, Unix, Networks etc. for the remediation of the identified vulnerabilities.
• Maintain the Vulnerability Dashboard for the scope and submits reports both of Technical teams and Management Reporting;
• Organize work in order to achieve compliance to established KPIs for Vulnerability Management and proactively work towards achieving the same. Maintain periodical reporting on the progress;
• Escalate- discuss and consult- as required to next levels and Management in timely manner;
• Provide subject matter expertise for the Vulnerability Management service;
• Lead the Penetration testing remediation planning with cross functional teams;
• Conduct new threat exposure scanning across the asset scope and advise the applicability and lead remediation exercises with cross functional teams;
• Participate in meetings with various stake holders as per the schedules;
• Liaise with different teams in different geographical zones;
• Propose, plan and execute Service improvements initiatives;
• Adhere to different policies set out by the organization;
• Prepare and provide different reports (weekly/monthly/ad-hoc) to the Manager as necessary;
• Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities;
• Keeping abreast of new threats and vulnerabilities and provide analysis as per applicability;
• Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer.

Qualifications and Profile

• Min 8 years of IT experience with 6-8 years of IT Security experience.
• 5+ years of experience in managing Vulnerability Management process for an enterprise.
• Should be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science;
• Professional Certifications (highly preferred)
• Certified Information Systems Security Professional (CISSP)
• GIAC Enterprise Vulnerability Assessor (GEVA), or any other Vulnerability Management Certification
• CREST certification
• Working & hands-on experience in managing Vulnerability Management process;
• Strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, networks, database, and application servers.
• Ability to assess vulnerabilities and prioritize remediation planning;
• Experience in working collaboratively with cross-functional/transverse IT teams in Production setup (Operations) mode;
• Ability to apply Risk based approach while working on assigned responsibilities;
• Working experience in administrating and operating Tenable (Nessus) Security Center vulnerability management tool for a Large enterprise level environment;
• Good understanding of Reporting needs at various levels of organization and ability to design, create and present the same;
• Hands-on experience of creating reports using various tools such as Excel, PowerPoint, Word in graphical formats, trending;
• Proficiency in Powershell or SQL query
• Experience in working with any BI tools like Power BI etc. to prepare the dashboard;
• Knowledge of different domains of Information Security;
• Working experience in financial organization is highly preferred;
• Excellent in analytical, communication and documentation skills;
• Ability to organize work and be able to priories work as per the operation’s needs;
• Strong understanding of ITIL processes and comfortable working in process-oriented environment;
• Ability to work independently and as well as a part of team and is able to work under minimal supervision;
• Should have time management skills and able to manage work in fast moving environment;

Interested applicants please send your resume in MS Words format [email protected] and attention to Prasant Sirohi (R22106307)

Shortlisted candidates will be notified

www.ambition.com.sg

EA Registration Number: R22106307

Data provided is for recruitment purposes only

Business Registration Number: 200611680D. License Number: 10C5117