Vulnerability Management Consultant
Vulnerability Management Consultant
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Job description
Vulnerability Management Consultant
Location Erlanger Kentucky(5 days onsite)
13 Exp. only
- Review Projects and their technical design documents for Information security risks and advise on suitable controls and mitigations at early stages of the program
- Fair understanding of Technology Landscape Applications Infrastructure Cloud and review
- Clients information security and related threats and vulnerabilities legal and regulatory
- requirements
- Good Understanding on Security Standards like ISO 270012 SOX ITGC SOC1 or SOC2
- DevSecOps OWASP top 10 Business Impact analysis ISO 22301 ISO 27005
- Assess and classify all potential business and infrastructure information risks
- Review and advise on information security risks of vendor offerings Newleveraging existing SAAS PAASIAAS services including integration with Client environment
- Conduct risk assessment on Applications Network Systems according to Client policies applicable Standards legal regulatory requirements
- Identify the risks in the Client Projects provide recommendations for remediation of identified risks
- Translate Technical legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies
- Identify or design the controls for implementation based on the outcome of Risk Assessment its remediation and residual risk
- Ensure all the controls outlined for an applicationInfrastructure are designed effectively
- Review Vulnerability Assessment and Penetration Test scan results and recommend the risks to be remediated
- Review and approve the control design of supplier and their organization technical specifications against Client security control requirements
- Ensure all the risks are documented classified and tracked with appropriate action as per the IRM standards
- Work with Project Managers Business Analysts Architecture and Support Team to ensure Client Information Risk Management standards are being followed
- Test the control effectiveness post implementation or deployment of controls and technologies
- Conduct Security governance with Client stakeholders
Technology
- Understanding of Cloud Security SAAS IAAS and PAAS and Onpremise infrastructure
- Understanding of secure application development and support
- Knowledge on Network Security Data Security Practices EndPoint Security Identity and
- Access Management
- Knowledge on Business Continuity Plan and Disaster Recovery
JD Keywords
Security Risk Assessment ISO 270012 SOX ITGC SOC1 or SOC2 DevSecOps OWASP
top 10 Security Risk Management Business Impact analysis Design Controls Data
Security Security Policy review Business Continuity Cloud Security Network Security
Identity and Access Management ISO 22301 ISO 27005 Control testing Control
assessment
Knowledge and skills
- Projects Stake holder Management Governance Management Reporting
- Very good communication skills Agile Project delivery
- Cloud Security controls Data Security SeInfo baselines Privacy requirements
Education Background
- BTech CA MBA MS Info Sec MTech
Industry Certifications
- ISO 27001 Lead Auditor or Lead Implementor CISA CRISC CISM CISSP
Skills
Mandatory Skills : Infra Vulnerability Management - QualysInfra Vulnerability Management - Rapid 7Infra Vulnerability Management - Tenable IOInfra Vulnerability Management - Tenable Nessus SC CSInfra Vulnerability management/Triaging/ Remdiation Advisory / ServiceNow /ITSM /CMDB
Required Skills : Project Coordination
Basic Qualification :
Additional Skills :
Background Check : No
Drug Screen : No
Employment Type
Full-time
