Grc Analyst – Vulnerability Management

Job Summary

The GRC / Vulnerability Management Analyst will support the corporate-wide IT Vulnerability Management Program. This person will understand end-to-end vulnerabilities within our environment, determine cause and impact and identify the corrective action needed to eliminate and prevent the event from happening in the future. They will partner with application and asset owners to remediate vulnerabilities found on their assets.

Responsibilities :

• Assist in other GRC tasks as necessary, like strengthening the processes and procedures, conducting risk assessments, etc.
• Work with application and asset owners to effectively communicate the risks of identified vulnerabilities and make recommendations regarding vulnerability remediation and/or the selection of cost-effective security controls to mitigate identified risks.
• After a plan for remediation is put in place, communicating, and working with teams at different levels, like GRC, Infrastructure, Application Teams, and Leadership.
• Manage application security catalogue and conduct ad hoc scans to validate findings from other tools.
• Provide support and resolution for scanning and vulnerability remediation reporting issues.
• Troubleshoot data collection points that feed into the vulnerability management platform like agents, authentication records, etc.
• Participates in the creation, review, and maintenance of current and proposed processes and procedures and related documentation within vulnerability management and remediation team.
• Tap into various Threat intelligence feeds to see what new Vulnerabilities are out there and proactively putting mitigation or remediation steps in place as needed.
• Work towards reducing the enterprise attack surface by scanning the external perimeter and using other tools like Security Scorecard.
• Assist in improving and automating existing vulnerability management lifecycle. Including but not limited to data ingestion & normalization, compliance metrics and detections on assets.
• Partner with application and technology teams to troubleshoot, develop, select, implement, and automate appropriate security solutions to keep system data protected from internal and external threats.
• Leverage API calls and scripting to automate and streamline regular repetitive tasks in the VM platform.
• Provide technical support for vulnerability management projects.
• Engage with vendors to proactively address open tickets and resolve issues in a timely manner
• Track vulnerabilities throughout their life cycle from a reporting and metrics perspective.
• Triage the vulnerability data from multiple sources (i.e., internal / external vulnerability scanning, internal / external penetration testing, etc.) and prioritize based on multiple factors including but not limited to severity, exploitability, risk, impact, etc.
• Discover assets, scan, and remediate them based on their criticality.
• Provide analysis and validation post remediation, opportunities for improvements, and out of the box thinking for optimizations and solving roadblocks.

Requirements :

• 5+ years of related experience, specifically in Engineering/IT Operations, Security Operations, Vulnerability Management, and/or Incident Response
• Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues
• Demonstrates ability to strike a balance between strategic and tactical activities required to run the vulnerability management, response, and remediation efforts
• Demonstrated experience in metrics collection, analytical, reporting, and communication skills
• Demonstrated experience with vulnerability scanning processes and tools (e.g., Qualys)
• Bachelor's / Master's degree in Computer Science, MIS, Cybersecurity, or a related field of study
• Ability to work comfortably and successfully in a fast-paced environment with frequent changes in priorities and ability to influence others or manage indirectly

The successful candidate will embrace Vertiv’s Core Principals & Behaviors to help execute our Strategic Priorities.

OUR CORE PRINCIPALS : Safety. Integrity. Respect. Teamwork. Diversity & Inclusion.

OUR STRATEGIC PRIORITIES

• Customer Focus

• Operational Excellence

• High-Performance Culture

• Innovation

• Financial Strength

OUR BEHAVIORS

• Own It

• Act With Urgency

• Foster a Customer-First Mindset

• Think Big and Execute

• Lead by Example

• Drive Continuous Improvement

• Learn and Seek Out Development

About Vertiv

Vertiv is a $5.0 billion global critical infrastructure and data center technology company. We ensure customers’ vital applications run continuously by bringing together hardware, software, analytics and ongoing services. Our portfolio includes power, cooling and IT infrastructure solutions and services that extends from the cloud to the edge of the network. Headquartered in Columbus, Ohio, USA, Vertiv employs around 20,000 people and does business in more than 130 countries. Visit Vertiv.com to learn more.

Work Authorization

No calls or agencies please. Vertiv will only employ those who are legally authorized to work in the United States. This is not a position for which sponsorship will be provided. Individuals with temporary visas such as E, F-1, H-1, H-2, L, B, J, or TN or who need sponsorship for work authorization now or in the future, are not eligible for hire.

Equal Opportunity Employer

Vertiv is an Equal Opportunity/Affirmative Action employer. We promote equal opportunities for all with respect to hiring, terms of employment, mobility, training, compensation, and occupational health, without discrimination as to age, race, color, religion, creed, sex, pregnancy status (including childbirth, breastfeeding, or related medical conditions), marital status, sexual orientation, gender identity / expression (including transgender status or sexual stereotypes), genetic information, citizenship status, national origin, protected veteran status, political affiliation, or disability. If you have a disability and are having difficulty accessing or using this website to apply for a position, you can request help by sending an email to [email protected].