Senior Vulnerability Management Analyst

Summary

Join Ivanti as a Senior Compliance Analyst and promote a culture of effective security controls and operational adherence to risk tolerances. You will design and implement an automated GRC continuous monitoring system, minimizing risk exposure. This role offers a chance to lead continuous monitoring and compliance efforts within a collaborative environment. You will assess security controls, develop risk monitoring methods, provide optimization support, and recommend compliance improvements. The position includes remote flexibility, competitive compensation, and a supportive culture.

Requirements

• Knowledge of compliance management concepts and continuous monitoring methodologies
• Knowledge of policy control management
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
• Knowledge of operational impact of control gaps
• Knowledge of industry-standards and organizationally accepted analysis principles and methods
• Knowledge of information technology (IT) architectural concepts and frameworks
• Knowledge of audit Frameworks (SOC 2, ISO, etc.) and principles
• Knowledge of system life cycle management principles, including software security and usability
• Knowledge of Vulnerability Management process and ability to perform issue analysis
• Experience using Qualys and its capabilities
• Experience sanitizing vulnerability scan reports and assisting with remediation recommendations

Responsibilities

• Assessing and analyzing security controls to ensure that they are being performed at the required frequency as stated by Ivanti policy and regulatory standards
• Developing methods to monitor and measure risk, compliance, and assurance efforts
• Providing ongoing optimization and problem-solving support
• Providing recommendations for compliance management improvements for the vulnerability management program
• Participating in the implementation of GRC continuous monitoring using Archer
• Verifying, sanitizing and reporting vulnerability scan results
• Tracking remediation of vulnerabilities by collaborating with engineers and developers
• Tracking audit and gap analysis issue remediation
• Participating in vulnerability risk assessments and resolution
• Assisting with audit walk-throughs

Preferred Qualifications

• Complete new hire training and onboarding requirements
• Complete FedRAMP Training
• Understand our Vulnerability Management policies and program
• Develop a rapport and collaborate with the product control owners
• Be able to create vulnerability scan issue tickets in the Azure DevOPs
• Be able to identify, prioritize and troubleshoot control gaps and assist with remediation
• Be able to lead weekly Vulnerability Management meetings and track issue remediation
• Complete deliverables ensuring that they meet compliance requirements, project plan specifications and deadlines
• Ability to identify automation opportunities for continuous monitoring and participate
• Have a good understanding of cloud security platforms, specifically AWS and Azure
• Earned the respect and trust of product security engineers/peers as it relates to his/her control ownership
• Have a good understanding of service request, change management and compliance systems/tools
• Be able to recommend time-saving improvements to the ticketing tools
• Be able to work on projects independently
• Demonstrates ability to participate in project planning
• Ensures deliverables meet compliance requirements and project plan specifications and deadlines
• Can clearly explain required tool enhancements to engineers for implementation
• Can perform all vulnerability management tasks without assistance

Benefits

• Remote flexibility
• Competitive compensation