-
Vulnerability Management: In-depth knowledge of vulnerability management, the vulnerability life cycle stages
-
Technical Remediation: Through understanding of remediation concepts/frameworks pertaining to vulnerabilities
-
Vulnerability Exception: Solid grasp of vulnerability exception processes, exception assessment processes, and compensating security controls.
-
Partner Engagement: Excellent partner leadership skills working with various levels of management/non-management colleagues within technology and business departments within LSEG.
-
Roadmap Development: Provide input, prepare, and update the VM roadmap. Develop, maintain, and publish project plans and operation schedules.
-
Reporting: Provide status reports to Cyber Security leadership on VM metrics, key risk indicators, trends, and compliance.
-
Solution Proposals: Propose VM concepts and solutions, prepare presentations, and coordinate vendor demonstrations.
-
Standard Operating Procedures (SOPs): Create and maintain SOPs for VM, providing technical knowledge to operations and production support teams.
-
Configuration Control: Maintain configuration control of VM hardware, systems, and application software. Coordinate upgrades and maintenance activities on VM tools.
-
Collaboration: Work closely with Vulnerability Assessment & Pen Testing teams to analyse results and threat feeds, reacting appropriately to security weaknesses or vulnerabilities.
-
Technical Documentation: Prepare and maintain user documentation of the VM programme, including requirements, architecture designs, network topology, applications, and application security designs.
-
Policy Collaboration: Collaborate on Information Security policies, standards, and baselines, contributing to compliance measurement efforts.
-
Governance Reporting: Collaborate on and provide VM results and metrics for consistent reporting for governance purposes. Coordinate remediation plans and activities.
-
Planning: Help develop a long-term VM strategy (3-5 years) addressing global information security needs, identifying current state, gaps, and opportunities.
-
Mentorship: Mentor and guide junior analysts, providing technical leadership and encouraging a culture of continuous learning and improvement.
-
Advanced Knowledge: Deep understanding of VM tools and technologies, including but not limited to Nessus, Qualys, and Rapid7.
-
Cloud Security: Extensive experience with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their security configurations.
-
Pen Testing: Proficient in penetration testing methodologies and tools such as Metasploit, Burp Suite, and OWASP ZAP.
-
Security Patching: Expertise in security patching processes and tools, including WSUS, SCCM, and automated patch management solutions.
-
Scripting and Automation: Solid skills in scripting languages (e.g., Python, PowerShell) for automation of security tasks and processes.
-
Network Security: In-depth knowledge of network security principles, including firewalls, IDS/IPS, and network segmentation.
-
Compliance: Familiarity with regulatory compliance requirements (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST)., * Bachelor’s degree in Computer Science, Information Security, or a related field.
-
5 years of experience in cybersecurity, with a focus on vulnerability management and cloud security.
-
Relevant certifications such as CISSP, CISM, or CEH.
-
Excellent analytical and problem-solving skills.
-
Good communication and presentation skills.
-
Ability to work closely with multi-functional teams., * Experience with advanced threat detection and response tools.
-
Knowledge of secure software development practices and DevSecOps or equivalent experience.
-
Experience in mentoring and developing junior team members.
Contact Detail:
Refinitiv Recruiting Team