Work Arrangement:Hybrid (3 days Onsite, 2 days Work from Home); Office Location: Sheridan Business Center,Mandaluyong City
Work Schedule:Monday to Friday (APAC)
Summary
- The position is part of the Regional Technology Controls and Resiliency (TCR) Team and is responsible for the delivery of IT Vulnerability Management programs across all countries.This role will provide advisory support to set up and run the Operating Technology (OT) Vulnerability Management Program by implementing and using Vulnerability Management technologies, tools, and processes. The candidate should be knowledgeable to support the Operating Technology (OT) vulnerability lifecycle starting from detection to closure and keeping a risk-based approach throughout the lifecycle.
Qualifications:
- Bachelor's degree in Information Technology, Computer Science, or a related field.
- At least5 to 7 years of IT security experiencesuch aspenetration testing, vulnerability scanning, security audits, configuring and managing security systems.
- Knowledge of security standards, frameworks, and best practices (e.g.,OWASP, CVE, CVSS).
- Technical knowledge and experience working with enterprise vulnerability management platforms.
- Work experience with vulnerability assessment tools likeRapid7, Nessus, and similar.
- Extensive knowledge and experience with diverse IT architecture and enterprise IT data centers, external hosted services, and cloud computing environments.
- Solid grasp of computer networking concepts and protocols and network security methodologies.
- Detailed comprehension of information security technology and tools, integrations, API, and scripting.
- Relevant certifications such asCISSP, CISM, or equivalent are a plus.
- Team player with a positive attitude. Highly driven, autonomous, and resilient. Enjoy working in a dynamic and multi-cultural environment.
- Good program/project management skills.
Responsibilities:
- Design and drive strategy and tactical plans toward holistic Vulnerability Management across multiple technology teams in a large complex organization.
- Analyse patch and vulnerability information for Vulnerability Management processes.
- Automate the Vulnerability Management process to improve operation efficiency.
- Provide status reports to Regional RISO and IT leaders related to Vulnerability Management metrics, key risk indicators, trending and compliance reports.
- Collaborate with Information Security policies, standards and baselines and contribute efforts to measure compliance.
- Collaborate with cross-functional teams, including IT, security operations, and development teams, to ensure timely vulnerability remediation across on-premises and cloud environments.
- Leads the analysis, implementation, execution, and improvement of proactive security controls to prevent external threat actors from infiltrating company information or systems.
- Create and maintain SOPs for the Vulnerability Management program, provide technical knowledge to operations and production support teams.
- Work with portfolio manager to develop and maintain a vulnerability intelligence process that monitors for emerging systems vulnerabilities.
