Job Description:
Position Summary
The Vulnerability Management Analyst is responsible for maintaining and executing the Bank’s comprehensive vulnerability management program in order to mitigate threats posed in the environment. The position will interact with multiple technology stakeholders in order to facilitate the vulnerability management program, as well as assist in the overall execution of the Bank’s security and compliance portfolio.



Primary Success Factors
The Vulnerability Management Analyst will demonstrate proficiency in:

Maintaining and executing the Bank’s vulnerability management program to ensure that vulnerabilities are appropriately managed throughout their lifecycle, managing risk across the following process steps:
Procedures – Maintain and execute associated vulnerability management procedures.

Scanning – Execute comprehensive vulnerability scanning of the Bank’s environment.

Triage – Evaluate risk of vulnerabilities to ensure that results are accurate and appropriately risk-categorized.

Tracking and Reporting – Maintain tracking and dashboards to denote risk ratings and target service level agreement goals, including risk acceptance and alternative action plans.

Remediation – Work with stakeholders to help define remediation plans for vulnerabilities according to established procedures, SLAs and remediation timetables.

Validation – Execute validation functions to ensure proper closure of the vulnerability.

Measurement – Maintain metrics relative to vulnerability management for reporting.

Maintaining and improving the use of vulnerability management (and similar) software tools to gather information about the Bank’s security posture; monitoring compliance with Bank security-hardening standards across all Bank technology platforms.
Maintaining knowledge of new security threats, vulnerabilities and industry solutions, as well as security technology trends and advances; advising management on how these threats can affect information assets and providing recommendations for mitigating them.
Assisting with third-party security, threat and vulnerability assessment activities.
Assisting with the execution of the Bank’s security compliance program to ensure adherence to security best practices, regulatory requirements and Bank security policies.
Participating on project working teams that introduce new capabilities and technologies to ensure that vulnerability and hardening exposure is managed.
Required Experience
Bachelor’s degree in information systems or related field, or an equivalent combination of education and work experience; industry certification or eligibility preferred (e.g., Security: CISSP, CISA and CRISC; Technical: OWASP)
Three to five (or more) years of experience in information security or a combination of information security and IT/IS audit or related discipline
Strong knowledge of vulnerability management processes to support external, internal and web application scanning practices
Strong working knowledge of vulnerability management toolsets (e.g., Qualys) and all components of the toolset to fully operationalize the vulnerability management lifecycle
Strong working knowledge of operational baseline hardening standards (e.g., CIS Benchmarking)
Strong working knowledge of web application coding (dynamic) scanning practices
Knowledge of security event monitoring and data access governance tools (e.g., LogRhythm, StealthBits)
Strong spreadsheet and data analytic skills (including detail focus and critical thinking)
Knowledge of static code analysis tools is a plus
Knowledge of data visualization toolsets (e.g., Tableau) is a plus
Working knowledge of information security best practices, technology control frameworks (e.g., NIST CSF and COBIT) and information security risk management standards
Knowledge of IT service management processes and related control activities in the areas of change management, computer operations, database administration, information security administration, network security, operating system security and web application security
Knowledge of current tools/practices for developing and publishing policies, procedures, metrics and other information
Strong organizational skills and written and oral communication skills
Strong aptitude for technology, an ability to learn quickly, and a desire to solve problems and improve processes