Job scopes

• Responsible for preparing the Vulnerability Management Plan and the executes plan through all the phases of Vulnerability Management Lifecycle.
• Ensures that the Vulnerability scans are scheduled, configured in tool and are executed as per the schedule. Any failure of scans is to be investigated and schedule to rerun.
• Conducts periodical discovery of IT Assets and ensures that identified assets are highlighted to (CMDB) configuration management database owner for appropriate asset tagging and onboards the new asset in Vulnerability Management Tool
• Assess the identified vulnerabilities and study & understand the risk profile, impact as per environmental context.
• Participate and coordinate the discussions with Infrastructure and Application teams and advise them the relevance of vulnerability and help them understand the impact.
• Understand the false positives reported and the technical limitations of the environment and facilitate the process of Risk Acceptance.
• Liaise with various stakeholders for proposing and maintaining the approvals for such cases.
• Collaborate with Infrastructure teams for the remediation of the identified vulnerabilities.
• Maintain the Vulnerability Dashboard for the scope and submits
• Organize work to achieve compliance to established KPIs for Vulnerability Management and proactively work towards achieving the same.
• Maintain periodical reporting on the progress.
• Provide Specialist level for the Vulnerability Management service
• Lead the Penetration testing remediation planning with cross functional teams
• Conduct new threat exposure scanning across the asset scope and advise the applicability and lead remediation exercises with cross functional teams
• Participate in meetings with various stake holders as per the schedules
• Liaise with different teams in different geographical zones
• Propose, plan and execute Service improvements initiatives
• Adhere to different policies set out by the organization
• Prepare and provide different reports (weekly/monthly/ad-hoc) to the Manager as necessary
• Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities
• Keeping abreast of new threats and vulnerabilities and provide analysis as per applicability
• Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer.

Job requirement

• Bachelor's degree in Computer science or equivalent
• Around 8 years of IT experience with 4-7 years of IT Security experience and 4+ years of experience in managing Vulnerability Management process for an enterprise.
• Working & hands-on experience in managing Vulnerability Management process
• Excellent technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, networks, database, and application servers.
• Ability to assess vulnerabilities and prioritize remediation planning
• Ability to apply Risk based approach while working on assigned responsibilities
• Must have working experience in administrating and operating Tenable (Nessus) Security Center vulnerability management tool for a large enterprise level environment
• Good understanding of reporting needs at various levels of organization and ability to design, create and present the same
• Hands-on experience of creating reports using various tools such as Excel, PowerPoint, Word in graphical formats.
• Experience in working with any BI tools like Power BI to prepare the dashboard
• Knowledge of different domains of Information Security
• Working experience in financial organization
• Certified Information Systems Security Professional (CISSP)
• GIAC Enterprise Vulnerability Assessor (GEVA), or any other Vulnerability Management Certification
• Must have good understanding of ITIL processes and comfortable working in process-oriented environment

Cristina Malabuyoc Malijan EA License No. 02C3423 Personnel Registration No. R1111547

Please note that your response to this advertisement and communications with us pursuant to this advertisement will constitute informed consent to the collection, use and/or disclosure of personal data by ManpowerGroup Singapore for the purpose of carrying out its business, in compliance with the relevant provisions of the Personal Data Protection Act 2012. To learn more about ManpowerGroup's Global Privacy Policy, please visit https://www.manpower.com.sg/privacy-policy