Cyber Security Vulnerability Management Manager
Cyber Security Vulnerability Management Manager
Chennai, (India) Guadalajara, (Mexico)
ABOUT THE ENTERPRISE TECHNOLOGY SERVICES TEAM
The Enterprise Technology Services (ETS) team is accountable for all Infrastructure, Security, IT Operations and all End User Services and technologies. This group will ensure that our IT Services are seamless and secure, and that technology is delivered in an efficient, effective, and agile way, with a strong focus on experience. It’s a dynamic and challenging environment to work in – but that’s why we like it. There are countless opportunities to learn and grow, whether that’s exploring new technologies in hackathons, or transforming the roles and work of colleagues, forever. This is your chance to be part of a team that has the backing to innovate, disrupt an industry and change lives.
Understand that security is a journey and not a destination. Cyber Security is not something that can be “fixed”, and we instead need to focus on innovation to maintain sustainable risk position against the evolving threat landscape.
Understand that we can’t just buy our way out of a Cyber Security problem. Technology may win the battle, but it won’t win the war.
Understand that Cyber Security is not just dealing with individual hackers. We are potentially working against state-sponsored attacks and multi-billion-dollar organized crime syndicates.
Understand attackers, their motivations, and their ways of working to be able to get ahead and keep ahead of them.
Experienced in end-to-end Vulnerability Management processes (i.e., the VM lifecycle) with regards to On-Prem infrastructure security, application security and cloud security;
Improving and automating existing vulnerability management lifecycle. Including but not limited to, data ingestion & normalisation, compliance metrics and detections on assets.
Participate in impact assessments to help define prioritisation and proper monitoring coverage.
Develop automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet our rapidly changing needs
Strong knowledge of vulnerability management – Triage, Prioritise, Remediate, and security threat modelling
Develop relationships with IT teams to resolve aging critical vulnerabilities on assets
Analyse requirements to develop and manage program metrics and performance through reporting and active engagement with stakeholders for continuous service improvement.
Experience working on vulnerability assessment tools and configuring sites, asset groups, Tags
Experience driving vulnerability remediation and governing a team of resources
Review new vulnerabilities published from multiple sources and identify those that may pose risk
Clear understanding on vulnerabilities and what it requires to remediate
Should have good knowledge of analysing vulnerabilities, prioritization based on risk. Driving remediation or closure of the vulnerabilities with remediation teams.
Able to provide remediation solutions for the vulnerabilities based on the unique vulnerability categorization. Support teams to understand what is required to remediate vulnerabilities.
Provide technical expertise in providing compensating controls for exception vulnerabilities
Extensive experience working in Security, in a complex, multinational, corporate environment
A high level of governance knowledge
A deep understanding of various security technologies and controls
Demonstrate a detailed understanding of Cyber security
Experience of vulnerability management methodologies and tools
A relevant technical degree, competence or equivalent (CISSP, CISM, CCSP) and competence to lead various Security initiatives
Excellent problem solving and troubleshooting skills, autonomous working, direction and goal setting
Strong written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences
Be valued and respected for collaboration, integrity and enablement
Experienced in developing and leading innovative solutions and “thinking outside of the box”
Ability to analyze complex situations, assessing risks and balancing strategic and tactical Security requirements with business pragmatism, risk appetite and innovation
Ability to prioritize, re-schedule and adapt to changes in a dynamic environment
Excellent business acumen with sensitivity to environment
IT Operational teams
AZ business risk / security teams
Internal audit teams
IT & Global Compliance teams
SO, WHAT NEXT?
If you’re interested in applying, we encourage you to apply using your completed Workday profile where possible.
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.