(I793) - Technical Consultant - Vulnerability Management

(I793) - Technical Consultant - Vulnerability Management

22 Dec
Fidelity International

22 Dec

Fidelity International


Job Description

About the opportunity Department Description

The global cybersecurity & Information security (GCIS) department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, and marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.

Global Cyber & Information Security is responsible for:

Protecting the Technology Environment from internal and external security threats. Teams; Cyber Defence

Cyber Assurance & Compliance; Application Security (through secure coding practices, penetration testing, and developer training)

Infrastructure Security

Vulnerability Management

Identity & Access Management working to principles of least privilege, access appropriate to role, and Role Based Access Control

Security Engineering and Architecture

Information Security

Purpose of your role

This role will be a Technical consultant in Vulnerability Management team under the Cyber Assurance & Compliance group. The Vulnerability Management team is responsible for assessing and reporting on the security posture of FILs technology infrastructure, against known threats and vulnerabilities, and according to FILs internal policies and standards. The team is responsible for vulnerability & Configuration management activities such as scanning, reporting and tracking. Vulnerability Management team is responsible for overall identification, triage, scanning, and reporting against all vulnerabilities in the environment.

This Vulnerability Management Technical Consultant role will address vulnerabilities found through remediation recommendations, Vulnerability Alerts and Vulnerability Bulletins. Performs risk analysis and facilitates risk discussions for cross functional teams. Provides consultative services to a broad range of internal business leaders on risk and IT security to determine current and target risk levels. Assist with developing remediation plans. Monitor progress of agreed upon remediation plans. Includes ownership of multiple relevant security controls and all the associated assurance and compliance activities; definition, collection and reporting of relevant data points to support this activity; maintenance and configuration of associated technology capabilities.

The individual will also oversee that the teams is able to address vulnerabilities & security misconfigurations, provides consultative services to a broad range of internal business leaders on risk and IT security to determine current and target risk levels. Assist with developing remediation plans. Monitor progress of agreed upon remediation plans.

The successful candidate will have deep security and technical skills and experience. This task area requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation. The role requires a deep knowledge of deriving value from security data - KRIs, KPIs, risk prioritisation (including definition of), and an understanding of what it takes to secure an organisation (not just run a security process).

Key responsibilities

Contributes to the Vulnerability management program and ensures that vulnerabilities & security misconfiguration are identified, prioritized and timely mitigated

Own controls, their operation and generation of evidence

Define, update, publicize and ensure adherence to the VM policies & standards and ensure compliance

Develop remediation plan along with platform and application teams and monitor progress of agreed plans

Analyse known issues with vendor fixes and contact vendor for defined and attainable solution

Consult to range of internal business leaders on risk and IT security to determine current and target risk levels.

Oversees Penetration testing exercises and their closures

Providing inputs for the development, maintenance, and configuration of technology required to support operational processes

Provision of timely and appropriate management information on Vulnerability Management & Compliance status and issues

Preparation for and participation in internal and external audits.

Skills and experience

Must Have

At least 8-10 years experience working in a similar role

Strong hands-on experience working with Vulnerability Management tools & technologies

Proven experience of general infrastructure technologies and principles

Strong Vulnerability analysis and reporting capabilities

Experience in defining endpoint, network device & server hardening best practices

A strong disposition to take responsibility and to lead by example

Ability to draw on experience to question and challenge existing or proposed solutions

Strong communication skills and flexible team player

Ability to quickly grasp new technology concepts, new infrastructure components and their impact on the overall infrastructure topology

Good to have:

Candidates with CISSP or equivalent security certification or other security management certifications such as CISM and C|CISO

The original job offer can be found in Kit Job:

Reply to this offer

Impress this employer describing Your skills and abilities, fill out the form below and leave Your personal touch in the presentation letter.

Subscribe to this job alert:
Enter Your E-mail address to receive the latest job offers for: (i793) - technical consultant - vulnerability management
Publish a new Free Offer
Need to publish an offer? With more than 1 million unique users per month, you will find the ideal candidate for your company instantly, what are you waiting for!
Publish Now

Subscribe to this job alert