logo

View all jobs

IT Vulnerability Risk Management Analyst, SAAS, Cloud based HR and Payroll

Oklahoma City, OK · Information Technology

Client:
Our client is a leader in Software-as-a-Service (SaaS) HR and Payroll Processing Services. They are able to help companies free themselves from the constraints of traditional software by providing them on-demand access to their payroll and HR data. In addition to payroll processing, our payroll product includes a robust suite of HR management tools, all in the same single application.  They help employers streamline their payroll and HR processes with the latest technology. They were the first to offer payroll services over the Internet and for over a decade, our Software-as-a-Service (SaaS) solution has helped to free companies from the constraints of traditional software. In addition to payroll processing we now offer time and attendance, HRIS, benefit administration, background checks, and COBRA compliance all in one online application. Publicly Traded.
Hot points:
·         New-age technology, coupled with a commitment to 1950s customer service is the driving force behind their competitive advantage.
·         client-driven development of their proprietary software makes it user friendly, while providing unmatched flexibility and scalability.
·         offers extensive training and all the tools a new sales representative needs to achieve success.
·         the nation’s most popular Internet payroll and Human Resource service provider.
·         Publicly traded

Location: Work 4 days a week from Home, 1 day a week in office.  Must live within 4 hours of Oklahoma City or Dallas.  Relo package available.

 Role: 

The IT Vulnerability Risk Management Analyst II will be responsible for applying Patch and Vulnerability management principles and best practices to proactively protect and maintain the confidentiality, integrity, and availability, of the company's data, computing systems, and networks (Security Critical Control of continuous vulnerability assessment and remediation). The analyst will be involved in all the steps of the Patch and Vulnerability Management process and will utilize a vulnerability scanner. They will be responsible for documenting procedures, provide direction and recommendations for patching, set up scans and assist in coordinating patching efforts. Analyst will enhance scan results by providing feedback on risks given the host/system criticality and compensating controls. 

The IT Vulnerability Risk Management Team is responsible for assessing and mitigating risk through internal risk assessments and risk assessments for 3rd party vendors. This includes reviewing security questionnaire responses, utilizing web app scanning technology and open-source software scanning technology, reviewing security compliance reports such as ISO27001, SOC 2, CSA, SIG, and more. Ultimately the team is responsible for providing security requirements and approval decisions from a security perspective for given technology initiatives.

Other responsibilities include: ongoing security hardenings of technology assets and monitoring compliance, security recommendations for business and technology initiatives, social engineering/phishing awareness and training simulations, and staying apprised of current security threats and vulnerabilities such as zero-day vulnerabilities.

RESPONSIBILITIES 

  • Endpoint vulnerability scanning, identification, risk ranking, and reporting
  • Tracking of remediation and actions taken and escalation requests through ticketing system
  • Facilitate discussions with stakeholders to come up with mutually agreed upon plans for patching
  • Communicate risks in a meaningful way to business units unfamiliar with security
  • Perform risk assessments for business and technology initiatives such as new vendors and supporting software
  • Become a SME and leader for some of the ongoing processes involving vulnerability scanning, reporting, and risk assessment
  • Issue phishing awareness training and simulations enterprise-wide and report metrics
  • Reporting of program key performance indicators and metrics
  • Manage/Create asset groups in vulnerability scanner
  • Facilitate Risk Acceptance process for asset owners
  • 3rd party risk assessments, including OSS, SaaS, on-prem, and hardware
  • Staying up-to-date and current on any trending vulnerabilities (including Zero-Day)
  • Support the Patch Tuesday Process for Microsoft Patching
  • Recommend and monitor security hardening settings for technology assets
  • Build relationships with other business units and technology groups and champion vulnerability management
  • Auditing of critical controls: Security Agents, Data protection, and malware defenses

Education/Certification: 

  • Bachelor's Degree in Computer Science, Management of Information Systems, Engineering or related Field

Experience Required: 

  • 3 years of vulnerability management, security risk management, and/or security administration

PREFERRED QUALIFICATIONS

Education/Certification: 

  • Industry Certification (Sec+, CASP, CISA, GSEC, CISSP) preferred

Knowledge/Skills/Abilities: 

  • Strong knowledge of threats and vulnerabilities associated with cloud and on premise technology
  • Experienced utilizing Vulnerability Management scanning tools and ticketing systems
  • Familiarity with GRC tools, particularly as it relates to vendor risk management
  • Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams
  • Perform security risk assessments for technology or business initiatives such as new software or services
  • Provide security recommendations to system and technology owners
  • Phishing and social engineering principles
  • Open-source software assessment and scanning
  • Containerization technology and security principles
  • Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied
  • Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities
  • Ability to deliver reporting on and providing fixes to identified vulnerabilities
  • Strong analytical and problem solving skills
  • Highly responsive with an ability to handle escalations quickly and professionally
  • Strong verbal and written communication skills
  • Strong research skills and willingness to seek information
  • Maintain effective working relationships with supervisor and coworkers
  • Overcome hurdles that arise around applying security mitigations, controls and patching through collaboration and communication.





 
Powered by