Vulnerability Management, Risk Analyst

Vulnerability Management Risk Analyst (3rd party) - 100% remote** Optomi, in partnership with a company in the financial services space is looking for a Vulnerability Analyst to work with 3rd parties to asses risk and prioritize vulnerabilities. The Vulnerability Management Analyst will lead detail-oriented continuous monitoring related activities for third-party suppliers, along with application support responsibilities. The Vulnerability Management Analyst will also provide cybersecurity subject matter expertise, primarily focusing on third-party supplier vulnerability analysis, data analytics (strong excel skills required), and outreach to third-party suppliers on potential vulnerability exposures or emerging risks. Lastly, the Vulnerability Management Analyst will be responsible for support, troubleshooting, and enhancements for cybersecurity-related applications. This role is ideal for someone who thrives in a dynamic, fast-paced environment and is passionate about cyber security, data analysis, and supporting cyber security-related applications. • * Candidate must live close to a hub for tax purposes and minimal onsite presence (2-5x per month, max). Hubs are Chicago, IL, Jacksonville, FL, Dallas/Austin, TX; or New Jersey. If not local, candidate must be able to relocate on their own within 6 months max (relocation not included) Responsibilities: • Executes end to end cyber security processes for monitoring, engaging, tracking, and remediation activities related to third-party continuous monitoring, with a focus on vulnerability management and emerging risks • Coordinate outreach to relevant stakeholders to ensure vulnerabilities or emerging risks are addressed in a timely manner, building effective relationships and communication with internal/external stakeholders • Works with large data sets to correlate data under time sensitive deadlines, strong excel skills are required to perform the data analytics • Provides ongoing support for critical cyber security-related applications, troubleshoot issues, and collaborate with support teams to resolve application issues, which may include occasional after hour fixes • Exercises judgment to identify, diagnose, and solve problems within given rules • Assists in design, development, testing, implementation, & maintaining information security platforms to meet requirements for security functionality, performance, scalability, and resiliency • Troubleshoots and problem-solves complex issues with internal and external stakeholders, as required • Understands the scope of complexity that exists in computing environments, across all layers, and the ways which security platforms impact that environment. Equipped with the technical skills to achieve thorough cyber security analysis • Works independently on a range of complex tasks and meet deadlines under pressure, which may include unique situations • Ensures consistent, high quality practices/work and the achievement of business results in alignment with business/group strategies and with productivity goals • Tests new cybersecurity products and innovations to support tactical and strategic decision making • Provides advice, counsel, and support on information security platforms and services and recommends solutions • Develops and implements changes to streamline and integrate security processes and systems in the organization • Identifies opportunities to strengthen the information security capabilities • Stays well-informed on industry technical and business trends through participation in professional associations, practice communities, and individual learning Qualifications: • Strong experience in reviewing vulnerability management and penetration test reports for third-party suppliers, familiarity with OWASP, and ability to identify both risks and root causes3 - 5 years of relevant experience within cyber security for third-party risk management, vulnerability management, and data analytics. • A post-secondary degree in Cyber/Information Security, Computer Science, Engineering, Information Systems, or a related field of study or an equivalent combination of education and experience • Strong analytical experience, the candidate must be able to independently review technical artifacts to determine if they satisfy industry standard framework requirements and submit reports with their written and detailed analysis, including passing quality assurance processes • Strong proficiency in arenaflex Excel for data correlation and analytics, in addition to arenaflex Word, arenaflex Outlook, and closely tracking of tasks with frequent status updates • Technical and system-level expertise in one or more information security solutions and/or extensive background in security or IT design and engineering • Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions vary from written to verbal communications. Additionally, must work well independently with the ability to produce deliverables on a daily basis • Preference for candidates with at least one certification in a related field, with strong preference for Cyber Security certifications from a well-recognized institution (e.g. (ISC)2, ISACA, SANS) • Familiarity with conducting cybersecurity assessments on third-party suppliers using common industry frameworks, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 and 27002, Payment Card Industry (PCI) Data Security Standard (DSS), CIS Top 18/20, or OWASP • Excellent written and verbal communication skills for reporting and presenting reviews to senior leaders - in-depth • Knowledge of information security design and engineering concepts, practices, and technology obtained through formal training and work experience - In-depth • Knowledge of the technical/business environment and the corporate processes and procedures - In-depth • Technical proficiency gained through education and/or business experience • Collaboration, team skills, analytical and problem solving skills - In-depth Apply tot his job Apply tot his job