Individual contributor position responsible for executing the vision design and implementation of Vulnerability Management (VM) program for CNA. This position supports the leadership in developing VM strategy and assists in conducting data security readiness assessments for the selection and implementation of enterprise data security standards. This position will focus on implementing and maturing the remediation program for both infrastructure and WebApp vulnerabilities by updating strategy policies and procedures and maturing vulnerability risk classification process.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
- Supports the Vulnerability Management program as a vulnerability management SME throughout a global technology organization with various legacy and modern systems within data centers and the cloud.
- Implements enterprise policy and technical standards with specific regard to vulnerability management and secure configuration.
- Assists with the entire vulnerability remediation process within CNA which may include vulnerabilities discovered through various channels such as but not limited to vulnerability scans pentesting application scanning responsible vulnerability disclosure program and etc.
- Partners with other Security and IT professionals to assess potential impact from vulnerabilities specific to the environment and recommend mitigating security controls.
- Identifies and recommends appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
- Fully understands business requirements and assist leadership to define appropriate solutions for security objectives while meeting the business need.
- Provides guidance technical expertise and support to team members regarding vulnerability assessment.
- Develops and improves KPIs and metrics for vulnerability management functions.
- Participates in and lead new projects as needed.
May perform additional duties as assigned.
Typically Director or above
Skills Knowledge & Abilities
- Proven track record of vulnerability management experience with proven knowledge and competence in security concepts.
- Hands-on experience with vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms database and application servers.
- Strong written and verbal communication skills with the ability to foster collaborative open working relationships with all parts of the business.
- High performance skillset which not only understands the threat spaces as it relates to risks but also able to meet the technical challenge of communicating this out to our teams.
- Solid understanding of vulnerability management programs including how to assess vulnerabilities prioritize and drive remediation activities.
- Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
- Experience in interacting with auditors and regulators.
- Experience in working across public cloud and on-premises hybrid infrastructure.
- Experience in working with vulnerability scanning technologies at scale.
- Solid ability to make independent decisions and the judgment to know when to seek guidance.
- Solid understanding of risk vs severity.
Education & Experience
- Bachelor's degree in Computer Science or related discipline or equivalent work experience.
- Typically a minimum of six years' related work experience in Information Technology