Enterprise Vulnerability Service Management Analyst
Atlanta, GA, US, 30328
Full Time Entry-level / Junior USD 93K - 154K
Graphic Packaging International, LLC
Graphic Packaging is a leader in consumer packaging solutions including folding cartons, cups, foodservice packaging, cooking solutions and multipack machinery.If you are a GPI employee, please click the Employee Login before applying.
At Graphic Packaging International, we produce the paper cup that held your coffee this morning, the basket that transported those bottles of craft beer you enjoyed last weekend, and the microwave tray that heated your gourmet meal last night. We’re one of the largest manufacturers of paperboard and paper-based packaging for some of the world’s most recognized brands of food, beverage, foodservice, household, personal care and pet products. Headquartered in Atlanta, Georgia, we are collaborative, diverse, innovative individuals who create inspired packaging while giving back to our communities.
With over 25,000 employees working in more than 130 locations worldwide, we strive to be environmentally responsible in our industry and in the communities where we operate. We are committed to workplace diversity and offer compensation and benefits programs that are among the industry’s best to reward the talented people who make our company successful.
If this sounds like something you would like to be a part of, we’d love to hear from you.
A World of Difference. Made Possible.
MISSION / SUMMARY:
Enterprise Vulnerability Management covers server, cloud, workstations, applications, appliances, and mobile devices to ensure all risk mitigation activities are performed in a timely manner to de-risk and protect Graphic Packing International’s enterprise assets from cyber-threats.
The primary mission includes evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation. Utilization of a host of GPI operational and cyber tools to discover, prioritize and automate methods towards vulnerability management tasks.
Primary Responsibilities
The Enterprise Vulnerability Analyst will be responsible with assisting the continual development and growth of the Enterprise Vulnerability Management, or EVM, program. This role will be collaborating with cross-functional and technical teams in a global, matrixed environment with the goal to de-risk GPI. Additional activities will include revising existing documentation and process models as well as assisting in the implementation of new, innovative methodologies of vulnerability management as necessary.
The analyst must be technically competent being capable of identifying process, security, and general technical gaps could cause security events and follow defined procedures for mitigating threats.
- De-risk the GPI enterprise utilizing tools that make up the GPI Operational Stack including but not limited to Qualys, ServiceNow, Delinea, and Sentential One
- Detection and reporting of all vulnerabilities (including misconfigurations) in all environments such as production and non-production including endpoint systems (including but not limited to network, servers, databases, application, and workstations)
- Collaborate with cross-functional, global organizations including IT Service Owners, managed service providers, shared services, as well as Plant and Mill IT groups
- Deep dives into vulnerability findings to determine End-of-Life services and operating systems, following through to ensure service remediation or operational risk exceptions are documented and reported
- Triage daily vulnerabilities, end of life systems, and application findings to determine required patching, remediation, and prioritization
- Driving process excellence in the enterprise vulnerability management space performing in a matrixed environment across operational, cyber and compliance teams
- Engage with department leaders, project managers, software development, and lines of business (LOB’s) to acquire support and evaluate all changes
- Serve as change agent by leading successful process improvement practices, diagnosing barriers to Enterprise Vulnerability Management success, facilitating resolutions as appropriate
- Apply industry best practices to maximize efficiencies and achieve adherence to diverse program policy guidelines
- Drive a regular cadence with stakeholders to gain a holistic perspective of the current state of VM and Patch Management operations
- Assist with the determination and the scope of the program
- Provide technical knowledge to operations and various support teams
- Continually add/update to the data quality of ServiceNow (ServiceGPI) and the CMDB
- Prepare and maintain technical documentation of VM program including requirements, SOP’s, architecture designs, network topology, applications, and application security designs
- Make strategic decisions based upon status reports to related to VM metrics, KPI’s, trending, and compliance
- Collaborate on Information Security policies, standards, and baselines and contribute efforts to measure compliance
- Collaborate on and provide EVM results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities
- Help develop a long term EVM strategy that will address global information security needs (current state, gaps, and opportunities)
DESIRED SKILLS:
- Understanding the nature of a complex, matrixed, global enterprise environment, where the coordination of the various business and technical teams’ timelines, is paramount for execution and success in this role
- Ability to indirectly influence others to accomplish goals and objectives
- Strong communication & organizational skills
- Certification in Qualys Guard
- 5-7 years Vulnerability Management and or SecOps background
- 5-7 years ServiceNow experience or similar ITSM tools
- 3-5 years SCCM administration, package development & deployment
- 3-5 years of project management experience
- Strong ITIL framework methodology, governance policies, and associated processes
- Large Enterprise experience with a >25,000 userbase
- Proven success in a highly matrixed environment
- Strong track record of team development and management skills
BACKGROUND / EDUCATION/ EXPERIENCE:
- Bachelor’s degree in Information Technology or related field, with five years related experience or Associate degree with seven years related experience
- Experience in a 24/7 high-availability multi-site enterprise environment that includes including application hosting, voice and data networks, security management, and information protection
- Successful track record of collaboration with teams that deliver on operational priorities
- Experience providing on-site and remote technical support for IT infrastructure and end user services
- Strong written and verbal communication skills across a broad range of personnel across all business functions. Experience in a manufacturing environment desirable
- Ability to work in a virtual global team environment across all time zones
#LI-Hybrid
Salary Min: $93,030.00
Salary Mid: $124,005.00
Salary Max: $154,980.00
Graphic Packaging is an Equal Opportunity Employer. All candidates will be evaluated on the basis of their qualifications for the job in question. We do not base our employment decision on an employee's or applicant's race, color, religion, age, gender or sex (including pregnancy), national origin, ancestry, marital status, sexual orientation, gender identity, genetic identity, genetic information, disability, veteran/military status or any other basis prohibited by local, state, or federal law. Click here to view the Poster, EEO is the Law.
Tags: Application security Cloud Compliance Governance ITIL IT infrastructure KPIs Qualys SecOps Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs