- Champion the vulnerability management program for Canadian Division, working with Canadian Division business units to develop strategies and improve vulnerability management practices.
- Design a server deployment process to ensure vulnerabilities are fixed before servers are promoted to production.
- Help business units improve their patching posture and adopt automation:
- Identify and drive removal of unneeded and end of life software
- Enhance vulnerability reporting capabilities
- Identify and drive upgrades of unsupported software which poses the greatest risks
- Educate business units on their role in the vulnerability management process
- Drive remediation for application and infrastructure vulnerabilities which may be identified through penetration tests, code scans, etc. Follow-up with business units to schedule remediation and connect them with subject matter experts as needed.
- Help improve the quality of asset data used for vulnerability management. Work with business units to implement asset management automation.
- Monitor and report on vulnerability management metrics across the Canadian Division.
- Have an opportunity to participate in other information risk management efforts such as:
- Assessing new technology and systems
- Improving application security
- Advising management on risks
- Assessing security practices of service providers
- 5 years of relevant information security and information risk management experience.
- Post secondary diploma or degree in computer science fields of study is desirable but not required.
- Professional certification(s) related to information security or information risk management such as CISSP, CISM, CISA, GIAC are preferred.
- Prior experience with vulnerability management and tools such as Qualys is preferred.
- Strong communication and negotiation skills.
- Influences others across the organization to accomplish their objectives.
- Works independently and takes initiative.
- Handles conflict well and maintains their professionalism at all times.
- Takes ownership for their objectives and ensures they are achieved.
- Functions well as part of a distributed team.
- Strong analytical skills.