Vulnerability Management Analyst (Remote) in North Carolina

Vulnerability Management Analyst (Remote) - CIT Group - North Carolina - work from home job Company: CIT Group Job description: Job Description: Overview Responsibilities • This is an independent role, responsible for driving the development of vulnerability management metrics, gathering feedback from senior leaders in the organization, and being able to articulate metrics to senior leaders. • Evaluate and define functional requirements for vulnerabilities, flaws, and misconfigurations metrics. • Understand the end-to-end metrics process including metrics collection, tracking, and reporting. • Develop, maintain, and run advanced reporting, dashboards, scorecards, and analytical results. • Communicate metrics to system owners and business partners on outstanding vulnerabilities, issues, and concerns. • Develop and automate vulnerability metrics with specific procedures for data collection, analysis, and charting, partnering with necessary teams as appropriate. • Establish requirements for technical solutions and tools to effectively implement vulnerability metrics. • Map metrics to strategic objectives to provide insight into VM Program effectiveness. • Develop vulnerability KRIs/KPIs/metrics to demonstrate coverage and remediation effectiveness. • Develop program efficacy metrics to support platform stability and improvements. • Review business and internal requests for new or vulnerability management reporting and produce timely scoping documents outlining the requirements. Once approved, design the solution, develop metrics and reporting. • Work with stakeholders to identify risk-based vulnerability management metrics that align with the security program and security risk management. • Provide actionable recommendations to critical stakeholders based on data analysis and findings related to vulnerability management processes requiring reporting. • Aggregate vulnerability data across technologies such as endpoints, servers, network equipment, etc. for interpretation and presentation of composite risk. • Create and maintain relevant process documentation. • Cultivate and maintain strong relationships with business customers, program stakeholders and remediation teams. • Remote eligible. Qualifications Bachelor's Degree and 8 years of experience in Systems Engineering, Network, or Information Security OR High School Diploma or GED and 12 years of experience in Systems Engineering, Network, or Information Security • Experience with collecting, analyzing, and interpreting qualitative and quantitative data from various sources for the purposes of detailing results and analyzing findings to provide sophisticated threat intelligence. • Proven track record in vulnerability management at large, highly regulated, complex institutions • 5+ related experience in Information Security and Vulnerability Management reporting • Experienced in tools like Power BI, SQL, Tableau, MS Excel etc. • Experienced with collaboration tools such as JIRA, MSFT Teams, ServiceNow, Confluence etc. • Understanding of end-to-end security metrics processes including metrics collection, tracking, and reporting, including ownership and responsibilities for each activity. • Familiarity with architecture, engineering, and operations of one or more vulnerability management tools, such as Tenable, Wiz, Qualys, Rapid7, Brinqa, Kenna, or ServiceNow VR. • Ability to provide creative solutions to complex problems, and clearly communicate risk of vulnerabilities to all levels within an organization. • Ability to manage, organize, analyze, and present substantial amounts of data. • Possess a deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies. • Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management, and security and controls. • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner. • Experience in leading discussion and consensus involving cross functional teams (including remote and offshore) over security recommendations and planned actions. • Excellent written and verbal communication skills. • Excellent organizational and interpersonal skills and broad experience in interacting successfully with both technical and non-technical teams, with an ability to speak to the technical and business impacts of a vulnerability. • Demonstrated ability to work well independently with little input, and as a part of a team. • Highly self-motivated and self-directed, with keen attention to detail. Expected salary: Location: North Carolina Job date: Tue, 22 Aug 2023 22:20:56 GMT Apply for the job now! Apply tot his job Apply tot his job