Decimal Business Solutions Pte Ltd

Sr Specialist Vulnerability Advisory & Governance

8-12 Years
MYR 12,000 - 12,400 per month

This job is no longer accepting applications

  • Posted 3 months ago

Job Description

Hi,

We are looking for a Sr. Specialist Vulnerability Advisory & Governance.

Experience: 8 Years - 12 Years

Duration: 1 Year, Extendable

Location: KL, Malaysia

Notice period: 1 Month

Primary skills: understanding of the CVE assessment process, driving remediation of findings, and knowledge of a VM scan tool.

However, excellent communication skills and an analytical mindset are a must.

Cyber Assessment & Vulnerability Testing (CAT) Sr Specialist Vulnerability Advisory & Governance

Business Title: Sr Specialist Vulnerability Advisory & Governance

Function: Vulnerability Advisory

Main Purpose of Job:

This role will be part of the Vulnerability Advisory team within the Cyber Assessment & Vulnerability Testing (CAT) group. It is responsible for the initial assessment of vulnerabilities (CVEs), ownership and classification of vulnerabilities (Unified Risk Rating, URR), and notification of vulnerabilities identified as impacting the Bank, based on registered products in the CMDB, to the relevant Product Owners and Technology SME teams. The role also requires working in close collaboration with the SVLM team to ensure that remediation SLAs for CVEs are aligned with scope and remediation prioritization.

This process would cover Infrastructure devices such as Windows, Unix, AIX, Database, Webservers, ATMs, Cloud Infrastructure, Network devices, Vendor provided applications and any other associated core infrastructure components. The role requires the ability to communicate and build relationships with technology product owners and support teams across geographies.

Key Roles & Responsibilities:

Oversee and prioritize vulnerability remediation efforts based on severity and potential impact on the Bank's operation and reputation, which includes managing the tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines (SLAs) with Technology/Business stakeholders within the Bank.

Assess impact, threat and exploitation scenarios for potential vulnerabilities impacting the Bank's infrastructure or products, and research security vulnerabilities and the latest advancements in the vulnerability management lifecycle and tools.

Aggregate vulnerability assessment results from security partner teams, utilizing a combination of automated tools and manual reviews to identify potential attack surface and drive remediation prioritization of high-profile vulnerabilities.

Collaborate with the threat intelligence and cyber defence teams to drive remediation prioritization or mitigation strategies by leveraging information on threat or exploitation context.

Coordinate and lead vulnerability management forums with operation and engineering teams as required to govern outstanding vulnerability remediation findings and provide status updates.

Initiate and manage vulnerability critical incident calls by providing expertise and situational awareness in vulnerability assessment, and advisory on mitigation strategies, attack surface reduction and remediation activities.

Develop and maintain documentation related to vulnerability management, threat assessment and remediation process.

Support the organization through internal and external audits of the various processes and procedures in use.

Leverage available data sets to deliver and enhance weekly/monthly recurring reports and present these in the relevant forums to stakeholders.

Stay abreast of emerging threats, vulnerabilities and mitigation techniques through ongoing research and professional development.

Communicate effectively orally and in writing and establish cooperative working relationships.

Qualifications & Skills:

Bachelor's Degree in Engineering, Computer Science/Information Technology or its equivalent.

Industry certifications will be a plus, e.g. CISSP, CSSLP, SANS certifications.

Between 8 - 12 years of in-depth, hands-on working knowledge of security technologies and operational experience in a global environment, preferably in the Banking and Financial services sector.

Good working knowledge in:

The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management

Vulnerability Management processes and technologies

Patch Management processes and technologies

Operating system security concepts

In-depth understanding of the CVSS scoring system.

Strong knowledge and subject matter expertise in multiple areas within Information Security.

Hands on skill and expertise in performing risk / Sr Specialist Vulnerability Advisory & Governances/risk consulting.

Excellent written, oral communication and reporting skills

Time management and organizational skills

Ability and desire to learn new skills quickly

Performs other related duties as assigned.

Job ID: 126046875