Vulnerability Management Expert

Focal point of contact for Vulnerability Management and related topics
- Person will be responsible preparing the Vulnerability Management Plan and the executes plan through all the phases of Vulnerability Management Lifecycle.
- Ensures that the Vulnerability scans are scheduled, configured in tool and are executed as per the schedule. Any failure of scans is to be investigated and schedule to re-run;
- Conducts periodical discovery of IT Assets and ensures that identified assets are highlighted to CMDB owner for appropriate Asset tagging and also onboards the new asset in Vulnerability Management tool;
- Assess the identified vulnerabilities and study & understand the risk profile, impact as per environmental context;
- Lead the discussions with Infrastructure and Application teams and advise them the relevance of vulnerability and help them understand the impact;
- Understand the false positives reported and the technical limitations of the environment and facilitate the process of Risk Acceptance.
- Person will be responsible to liaise with various stakeholders for proposing and maintaining the approvals for such cases;
- Collaborate with Infrastructure teams
- Windows, Unix, Networks etc. for the remediation of the identified vulnerabilities.
- Maintain the Vulnerability Dashboard for the scope and submits reports both of Technical teams and Management Reporting;
- Organize work in order to achieve compliance to established KPIs for Vulnerability Management and proactively work towards achieving the same. Maintain periodical reporting on the progress;
- Escalate
- discuss and consult
- as required to next levels and Management in timely manner;
- Lead the Penetration testing remediation planning with cross functional teams;
- Conduct new threat exposure scanning across the asset scope and advise the applicability and lead remediation exercises with cross functional teams;
- Participate in meetings with various stake holders as per the schedules;
- Liaise with different teams in different geographical zones;
- Propose, plan and execute Service improvements initiatives;
- Adhere to different policies set out by the organization;
- Prepare and provide different reports (weekly/monthly/ad-hoc) to the Manager as necessary;
- Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities;
- Keeping abreast of new threats and vulnerabilities and provide analysis as per applicability;
- Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer.

**Responsibilies**:

- 10 -12 years of IT experience with 6-8 years of IT Security experience and 5+ years of experience in managing Vulnerability Management process for an enterprise.
- Should be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science;
- Professional Certifications (highly preferred) Certified Information Systems Security Professional (CISSP) GIAC Enterprise Vulnerability Assessor (GEVA), or any other Vulnerability Management Certification CREST certification
- Working & hands-on experience in managing Vulnerability Management process;
- Ability to assess vulnerabilities and prioritize remediation planning;
- Experience in working collaboratively with cross-functional/transverse IT teams in Production setup (Operations) mode;
- Must have working experience in administrating and operating Tenable (Nessus) Security Center vulnerability management tool for a Large enterprise level environment;
- Good understanding of Reporting needs at various levels of organization and ability to design, create and present the same;
- Hands-on experience of creating reports using various tools such as Excel, PowerPoint, Word in graphical formats, trending;
- Experience in working with any BI tools like Power BI etc. to prepare the dashboard;
- Knowledge of different domains of Information Security;
- Working experience in financial organization is highly preferred;
- Excellent in analytical, communication and documentation skills;
- Ability to organize work and be able to priories work as per the Operation’s needs;
- Must have strong understanding of ITIL processes and comfortable working in process-oriented environment;
- Ability to work independently and as well as a part of team and is able to work under mínimal supervision;
- Should have time management skills and able to manage work in fast moving environment;