As a member of the Global Information Security (GIS) Cyber Security Assurance (CSA) Enterprise Infrastructure Remediation Governance (EIRG) team, you will ensure the security of our organization's core and cloud infrastructure by developing, overseeing, and improving vulnerability remediation governance models.
Key Responsibilities
* Oversee remediation efforts for identified vulnerabilities, including software, hardware, and compliance/configuration violations across various infrastructure environments.
* Analyze, identify anomalies, and prioritize findings using security monitoring systems such as Aqua, Qualys Scanning, Network Configuration Compliance tools, and Security Compliance tools.
* Conduct iterative reviews of known vulnerabilities across the organization's systems, accounting for environmental context that may affect standard remediation timelines.
* Collaborate with line‐of‐business contacts, GIS representatives, application designers, data owners, and system administrators to review and discuss remediation plans.
* Ensure both routine and bespoke remediation plans are implemented per agreed deadlines, with proper periodic reviews and alignment to information security guidelines.
* Identify and address potential gaps that could result in audit issues, escalating them for ownership by the EIRG team.
* Drive routine remediation of vulnerabilities and misconfiguration issues in public and private cloud infrastructure.
* Design and enhance the overall vulnerability management process for public and private cloud infrastructure.
* Serve as a key resource for improving remediation governance in both cloud and physical assets, acting as the APAC regional subject‐matter expert.
* Review all vulnerability scan results to identify security risks and report findings to appropriate partners.
* Respond to requests from key stakeholders for investigation of potential reporting issues.
* Provide reports and presentations on the status of regional remediation efforts, contribute to global reports, and ensure escalation of gaps or obstacles to management and relevant technical staff.
* Perform other related duties and special assignments within the GIS CSA division as needed.
Required Qualifications
* 5+ years of experience in Information Security.
* Proven project management skills.
* Experience with Aqua, Qualys Scanning, or similar security monitoring systems.
* Excellent communication skills with the ability to translate cybersecurity threats from a technical perspective to business‐line understanding.
* Ability to communicate risks and propose counter‐measures to both technical stakeholders and senior technology executives.
* Strong analytic, qualitative, and quantitative reasoning skills with creative problem‐solving abilities and log‐analytics or scripting experience.
* Ability to work independently on initiatives with little oversight.
* Motivated and willing to learn across the discipline and beyond.
* Broad technical background with security toolsets and technologies, such as cloud, server, workstation operating systems, network security, vulnerability scanning tools, and compliance management solutions.
* Strong PC skills, including Microsoft Office applications.
Desired Qualifications
* Bachelor's and/or Master's degree in Computer Science, Information Technology, or a related field.
* Additional 5+ years of experience in the relevant field.
* Strong analytical and problem‐solving skills, including conceptual thinking.
* Effective communication with both technical and non‐technical business owners.
* Experience leading internal efficiencies projects and development initiatives.
#J-18808-Ljbffr