Vulnerability Management Risk Analyst (3rd party) - 100% remote**
Optomi, in partnership with a company in the financial services space, is looking for a Vulnerability Analyst to work with 3rd parties to assess risk and prioritize vulnerabilities. The Vulnerability Management Analyst will lead detail-oriented continuous monitoring related activities for third-party suppliers, along with application support responsibilities. The Vulnerability Management Analyst will also provide cybersecurity subject matter expertise, primarily focusing on third-party supplier vulnerability analysis, data analytics (strong Excel skills required), and outreach to third-party suppliers on potential vulnerability exposures or emerging risks. Lastly, the Vulnerability Management Analyst will be responsible for support, troubleshooting, and enhancements for cybersecurity-related applications.
This role is ideal for someone who thrives in a dynamic, fast-paced environment and is passionate about cyber security, data analysis, and supporting cyber security-related applications.
** Candidate must live close to a hub for tax purposes and minimal onsite presence (2-5x per month, max). Hubs are Chicago, IL; Jacksonville, FL; Dallas/Austin, TX; or New Jersey.
Responsibilities:
- Executes end-to-end cyber security processes for monitoring, engaging, tracking, and remediation activities related to third-party continuous monitoring, with a focus on vulnerability management and emerging risks
- Coordinates outreach to relevant stakeholders to ensure vulnerabilities or emerging risks are addressed in a timely manner, building effective relationships and communication with internal/external stakeholders
- Works with large data sets to correlate data under time-sensitive deadlines; strong Excel skills are required to perform the data analytics
- Provides ongoing support for critical cyber security-related applications, troubleshoots issues, and collaborates with support teams to resolve application issues, which may include occasional after-hours fixes
- Exercises judgment to identify, diagnose, and solve problems within given rules
- Assists in design, development, testing, implementation, & maintaining information security platforms to meet requirements for security functionality, performance, scalability, and resiliency
- Troubleshoots and problem-solves complex issues with internal and external stakeholders, as required
- Understands the scope of complexity that exists in computing environments, across all layers, and the ways in which security platforms impact that environment. Equipped with the technical skills to achieve thorough cyber security analysis
- Works independently on a range of complex tasks and meets deadlines under pressure, which may include unique situations
- Ensures consistent, high quality practices/work and the achievement of business results in alignment with business/group strategies and with productivity goals
- Tests new cybersecurity products and innovations to support tactical and strategic decision making
- Provides advice, counsel, and support on information security platforms and services and recommends solutions
- Develops and implements changes to streamline and integrate security processes and systems in the organization
- Identifies opportunities to strengthen the information security capabilities
- Stays well-informed on industry technical and business trends through participation in professional associations, practice communities, and individual learning
Qualifications:
- Strong experience in reviewing vulnerability management and penetration test reports for third-party suppliers, familiarity with OWASP, and ability to identify both risks and root causes
- 3-5 years of relevant experience within cyber security for third-party risk management, vulnerability management, and data analytics
- A post-secondary degree in Cyber/Information Security, Computer Science, Engineering, Information Systems, or a related field of study or an equivalent combination of education and experience
- Strong analytical experience; the candidate must be able to independently review technical artifacts to determine if they satisfy industry standard framework requirements and submit reports with their written and detailed analysis, including passing quality assurance processes
- Strong proficiency in Microsoft Excel for data correlation and analytics, in addition to Microsoft Word, Microsoft Outlook, and close tracking of tasks with frequent status updates
- Technical and system-level expertise in one or more information security solutions and/or extensive background in security or IT design and engineering
- Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions vary from written to verbal communications. Additionally, must work well independently with the ability to produce deliverables on a daily basis
- Preference for candidates with at least one certification in a related field, with strong preference for Cyber Security certifications from a well-recognized institution (e.g. (ISC)2, ISACA, SANS)
- Familiarity with conducting cybersecurity assessments on third-party suppliers using common industry frameworks, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 and 27002, Payment Card Industry (PCI) Data Security Standard (DSS), CIS Top 18/20, or OWASP
- Excellent written and verbal communication skills for reporting and presenting reviews to senior leaders - In-depth
- Knowledge of information security design and engineering concepts, practices, and technology obtained through formal training and work experience - In-depth
- Knowledge of the technical/business environment and the corporate processes and procedures - In-depth
- Technical proficiency gained through education and/or business experience
- Collaboration, team skills, analytical and problem solving skills - In-depth