Enterprise Vulnerability Service Management Analyst

If you are a GPI employee, please click the Employee Login before applying.

At Graphic Packaging International, we produce the paper cup that held your coffee this morning, the basket that transported those bottles of craft beer you enjoyed last weekend, and the microwave tray that heated your gourmet meal last night. We’re one of the largest manufacturers of paperboard and paper-based packaging for some of the world’s most recognized brands of food, beverage, foodservice, household, personal care and pet products. Headquartered in Atlanta, Georgia, we are collaborative, diverse, innovative individuals who create inspired packaging while giving back to our communities. 

With over 25,000 employees working in more than 130 locations worldwide, we strive to be environmentally responsible in our industry and in the communities where we operate. We are committed to workplace diversity and offer compensation and benefits programs that are among the industry’s best to reward the talented people who make our company successful.

If this sounds like something you would like to be a part of, we’d love to hear from you.

A World of Difference. Made Possible.

MISSION / SUMMARY:

Enterprise Vulnerability Management covers server, cloud, workstations, applications, appliances, and mobile devices to ensure all risk mitigation activities are performed in a timely manner to de-risk and protect Graphic Packing International’s enterprise assets from cyber-threats.

The primary mission includes evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation. Utilization of a host of GPI operational and cyber tools to discover, prioritize and automate methods towards vulnerability management tasks.

Primary Responsibilities

The Enterprise Vulnerability Analyst will be responsible with assisting the continual development and growth of the Enterprise Vulnerability Management, or EVM, program. This role will be collaborating with cross-functional and technical teams in a global, matrixed environment with the goal to de-risk GPI. Additional activities will include revising existing documentation and process models as well as assisting in the implementation of new, innovative methodologies of vulnerability management as necessary.

The analyst must be technically competent being capable of identifying process, security, and general technical gaps could cause security events and follow defined procedures for mitigating threats.

• De-risk the GPI enterprise utilizing tools that make up the GPI Operational Stack including but not limited to Qualys, ServiceNow, Delinea, and Sentential One
• Detection and reporting of all vulnerabilities (including misconfigurations) in all environments such as production and non-production including endpoint systems (including but not limited to network, servers, databases, application, and workstations)
• Collaborate with cross-functional, global organizations including IT Service Owners, managed service providers, shared services, as well as Plant and Mill IT groups
• Deep dives into vulnerability findings to determine End-of-Life services and operating systems, following through to ensure service remediation or operational risk exceptions are documented and reported
• Triage daily vulnerabilities, end of life systems, and application findings to determine required patching, remediation, and prioritization
• Driving process excellence in the enterprise vulnerability management space performing in a matrixed environment across operational, cyber and compliance teams
• Engage with department leaders, project managers, software development, and lines of business (LOB’s) to acquire support and evaluate all changes
• Serve as change agent by leading successful process improvement practices, diagnosing barriers to Enterprise Vulnerability Management success, facilitating resolutions as appropriate
• Apply industry best practices to maximize efficiencies and achieve adherence to diverse program policy guidelines
• Drive a regular cadence with stakeholders to gain a holistic perspective of the current state of VM and Patch Management operations
• Assist with the determination and the scope of the program
• Provide technical knowledge to operations and various support teams
• Continually add/update to the data quality of ServiceNow (ServiceGPI) and the CMDB
• Prepare and maintain technical documentation of VM program including requirements, SOP’s, architecture designs, network topology, applications, and application security designs
• Make strategic decisions based upon status reports to related to VM metrics, KPI’s, trending, and compliance
• Collaborate on Information Security policies, standards, and baselines and contribute efforts to measure compliance
• Collaborate on and provide EVM results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities
• Help develop a long term EVM strategy that will address global information security needs (current state, gaps, and opportunities)

DESIRED SKILLS:

• Understanding the nature of a complex, matrixed, global enterprise environment, where the coordination of the various business and technical teams’ timelines, is paramount for execution and success in this role
• Ability to indirectly influence others to accomplish goals and objectives
• Strong communication & organizational skills
• Certification in Qualys Guard
• 5-7 years Vulnerability Management and or SecOps background
• 5-7 years ServiceNow experience or similar ITSM tools
• 3-5 years SCCM administration, package development & deployment
• 3-5 years of project management experience
• Strong ITIL framework methodology, governance policies, and associated processes
• Large Enterprise experience with a >25,000 userbase
• Proven success in a highly matrixed environment
• Strong track record of team development and management skills

BACKGROUND / EDUCATION/ EXPERIENCE:

• Bachelor’s degree in Information Technology or related field, with five years related experience or Associate degree with seven years related experience
• Experience in a 24/7 high-availability multi-site enterprise environment that includes including application hosting, voice and data networks, security management, and information protection
• Successful track record of collaboration with teams that deliver on operational priorities
• Experience providing on-site and remote technical support for IT infrastructure and end user services
• Strong written and verbal communication skills across a broad range of personnel across all business functions.  Experience in a manufacturing environment desirable
• Ability to work in a virtual global team environment across all time zones

#LI-Hybrid

Salary Min:   $93,030.00

Salary Mid:   $124,005.00

Salary Max:  $154,980.00

Graphic Packaging is an Equal Opportunity Employer. All candidates will be evaluated on the basis of their qualifications for the job in question. We do not base our employment decision on an employee's or applicant's race, color, religion, age, gender or sex (including pregnancy), national origin, ancestry, marital status, sexual orientation, gender identity, genetic identity, genetic information, disability, veteran/military status or any other basis prohibited by local, state, or federal law. Click here to view the Poster, EEO is the Law.

​