Vulnerability Management (AEJ Operations and Governance):

Experience – 7-10 Years

• Co-ordinate with global VM team to collate APAC vulnerability data for a global bank
• Co-ordinate with APAC Technology teams to drive vulnerability remediation in AEJ region
• Articulates risk and impact to APAC IT leaders with the proven ability to convey the urgency and need to remediate a vulnerability commensurate with the risk it presents to the bank
• Experience on Vulnerability Management tools - Rapid7
• Experience in deploying and setting up the new scanner, running discovery, vulnerability scans and policy configuration
• Experience in troubleshooting and resolving the deployment issue from the Scanner
• Leads and drives remediation efforts within IT and Security environments to increase the efficiency of vulnerability management processes
• Exposure to  regulatory guidelines such as MAS TRM, SEBI etc
• Analyzes security issues, determine cause and impact and identifies the corrective action needed to eliminate and prevent the event from happening in the future
• Exhibits a good understanding of vulnerability validation, re-production, remedy advice and vulnerability research skills
• Actively engages with various internal stakeholders including IT Engineering and Infrastructure teams, development, corporate communications, and other relevant teams in Cybersecurity to conduct holistic response management on identified vulnerabilities and the remediation efforts
• Collaborates with IT Service teams to determine reporting and metrics needs and share and present reporting and metrics to Cybersecurity and IT Leadership.
• Demonstrates the ability to strike a balance between strategic and tactical activities required to run the vulnerability management, response and remediation efforts
• Participates in the creation, review and maintenance of current and proposed processes and procedures and related documentation within the vulnerability management and remediation team
• Good understanding in Web application security (DAST, Manual Web application testing)
• Good Understanding of OWASP Top 10
• Hands on experience in conducting CIS and other industry standard benchmark scans & reporting