IT Vulnerability Management Specialist (Hybrid)

Job Type:Permanent (Full-time)

Work Arrangement:Hybrid (3 days onsite, 2 days work from home);Onsite Work Location:Mandaluyong (Sheridan)

Work Schedule:Monday to Friday (day shift)

Benefits/Perks of the Role:

• Competitive Base pay and Monthly Allowances
• Hybrid Work Setup (3x onsite and 2x WFH per week)
• Variable Annual Performance Bonus
• Employee Stock Purchase Plan
• HMO + 2 free dependents
• Group Life Insurance
• Work-related trainings

Summary:Our client a leading Insurance and underwriting company is currently seeking for skilled IT Vulnerability Management Specialist that will be part of the Regional Technology Controls and Resiliency (TCR) Team and is responsible for delivery of IT Vulnerability Management program across all countries. The candidate will be responsible for management and delivery of large-scale Vulnerability Management program to address security threats, vulnerabilities, and business risks within the Asia Pacific region. This role will provide advisory support to setup and run Operating Technology (OT) Vulnerability Management Program by implementing and using Vulnerability Management technologies, tools, and processes. The candidate should be knowledgeable to support Operating Technology (OT) vulnerability lifecycle starting from detection to closure and keeping a risk-based approach throughout the lifecycle.

Key Responsibilities:

• Design and drive strategy and tactical plans toward holistic Vulnerability Management across multiple technology teams in a large complex organization.
• Analyse patch and vulnerability information for Vulnerability Management processes.
• Automate the Vulnerability Management process to improve operation efficiency.
• Provide status report to Regional RISO and IT leaders related to Vulnerability Management metrics, key risk indicators, trending and compliance reports.
• Collaborate with Information Security policies, standards and baselines and contribute efforts to measure compliance.
• Collaborate with cross-functional teams, including IT, security operations, and development teams, to ensure timely vulnerability remediation across on-premises and cloud environments.
• Leads the analysis, implementation, execution, and improvement of proactive security controls to prevent external threat actors from infiltrating company information or systems.
• Create and maintain SOPs for the Vulnerability Management program, provide technical knowledge to operations and production support teams.
• Work with portfolio manager to develop and maintain a vulnerability intelligence process that monitors for emerging systems vulnerabilities.

Requirements:

• Bachelor's degree in Information Technology, Computer Science or a related field
• Minimum5-7 years of IT security experiencesuch aspenetration testing, vulnerability scanning, security audits, configuring and managing security systems.
• Knowledge of security standards, frameworks, and best practices (e.g.,OWASP, CVE, CVSS).
• Technical knowledge and experience working with enterprise vulnerability management platforms.
• Work experience with vulnerability assessment tools likeRapid7, Nessusand similar.
• Extensive knowledge and experience with diverse IT architecture and enterprise IT data centers, external hosted service and cloud computing environments.
• Solid grasp of computer networking concepts and protocols and network security methodologies.
• Detailed comprehension of information security technology and tools, integrations, API and scripting.
• Relevant certifications such asCISSP, CISM, or equivalent are a plus.
• Team player with positive attitude. Highly driven, autonomous, and resilient. Enjoy working in a dynamic and multi-cultural environment.
• Good program/project management skills.