Vulnerability Remediation Lead
Mumbai, Maharashtra, India
WTW (NASDAQ: WTW) is in the business of people, risk and capital. With roots dating to 1828, our company has over 45,000 colleagues serving more than 140 countries and markets. Our values – client focus, teamwork, integrity, respect and excellence – underlie all that we do, including how we behave and interact with each other. They are part of our WTW DNA. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets, and ideas — the dynamic formula that drives business performance. Together, we unlock potential. We are located on the internet at wtwco.com
What's in it for me?
When you join us, you make the decision to be a part of a leading global people, risk and capital company. We offer a rewarding and challenging environment. You will work with interesting people on exciting assignments. And there is always something new to learn. Working at WTW has its rewards. Not only do we get to collaborate with talented colleagues and work with great clients, we are offered competitive total rewards programs that align with our values. Some of our benefits & perks:
- Hybrid working
- Competitive rewards
- Work life balance
- Industry leading healthcare
- Savings and investments
- Educational resources
- Maternity and paternity leave
- Opportunity to network and connect
- Corporate discounts on products and services
- Generous time off
Job Summary
As the Vulnerability Management Lead, the candidate should be knowledgeable in supporting the vulnerability management lifecycle (from detection to closure), keeping a risk-based approach throughout. The best candidate will have a security-by-design mindset and yet understand the importance of building relationships with the wider Technology functions to convince them to remediate identified vulnerabilities and reduce cyber risks to the Company.
In this position, you will work closely with the Application/Control owners, track remediation progress and publish metrics to senior management highlighting the vulnerabilities that have not been remediated in a timely manner.
Responsibilities
- Responsible for executing VM processes, guidelines, standards and metrics.
- Lead the vulnerability management program, including vulnerability scanning, assessment, and remediation.
- Identify and assess security vulnerabilities across applications, systems, networks and infrastructure through regular scanning and assessments.
- Convince control owners to remediate or mitigate vulnerabilities while making sure the business is not impacted.
- Collaborate with cross-functional teams to identify and prioritize vulnerabilities based on their severity and potential impact.
- Provide technical expertise and guidance on vulnerability management best practices.
- Collaborate with system administrators, developers, and other relevant stakeholders to ensure secure software development practices.
- Build and expand internal relationships with key groups and stakeholders, creating efficiencies for any dependencies.
- Consult teams to resolve issues that are uncovered by various internal and third-party monitoring tools.
- Investigate and validate reported vulnerabilities from internal and external sources.
- Generate reports and metrics for management on vulnerability assessment findings, progress, and trends.
- Monitor and stay up to date with industry trends and the latest vulnerabilities and threats.
- Apply a structured methodology and lead change management initiatives to create a strategy to support adoption of the changes required by a project or initiative.
- Implement all assigned projects effectively and take complete ownership of the deliverables.
- Perform other managerial activities that help team and group objectives.
Requirements
- Experience in working with Vulnerability Management/Threat Intelligence tools such as QualysGuard, Tenable, Nessus, Wiz, Symantec, etc.
- Fundamental understanding of Operating Systems – Windows, Linux and Cloud
- Ability to apply risk-based approach while working on assigned responsibilities.
- Demonstrates proven, extensive ability to leverage creative thinking and problem-solving skills.
- Ability to prioritize multiple requests and clearly communicate the priorities to the team and management.
- Stays abreast of emerging trends, regulatory changes, and evolving threats in the security and compliance landscape, advising the organization on potential impacts and necessary actions.
- Be able to identify and resolve conflicts and identify items that need senior management attention.
- Ability to communicate effectively with all business levels internally and externally.
- Capable of communicating security-related concepts to a broad range of technical and non-technical individuals as well as understanding new technologies quickly.
- Ability to manage projects working with a diverse group of individuals across multiple geographies.
- Familiarity with ISO 27001, NIST, and other guidelines on information security controls.
- Certifications in one or more of the following are a plus: Certified Information Security Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).