We are hiring for a Vulnerability Remediation Lead for an insurance company in BGC.
This role follows a hybrid setup with rotating shift schedule and pays up to 280K PHP monthly.
As the Vulnerability Management Lead, the candidate should be knowledgeable of supporting vulnerability management lifecycle (from detection to closure), keeping a risk-based approach throughout.
The best candidate will have the security-by-design mindset and yet understand the importance of building relationships with the wider Technology functions to convince them to remediate the identified vulnerabilities for reducing cyber risks to the Company.
In this position, you will work closely with the Application/Control owners, track remediation progress and publish metrics to senior management highlighting the vulnerabilities that have not been remediated in a timely manner.
Qualifications:
- Bachelor's Degree in Computer Science, Information Technology, or a related field
- At least 3 years of leadership experience with 10+ years of relevant role experience
- Experience in working with Vulnerability Management/Threat Intelligence tools such as Qualysguard, Tenable, Nessus, Wiz, Symantec etc.
- Fundamental understanding of Operating Systems Windows, Linux and Cloud
- Ability to apply risk-based approach while working on assigned responsibilities.
- Stays abreast of emerging trends, regulatory changes, and evolving threats in the security and compliance landscape, advising the organization on potential impacts and necessary actions.
- Ability to communicate effectively with all business levels internally and externally.
- Capable of communicating security-related concepts to a broad range of technical and non-technical individuals as well as understanding new technologies quickly.
- Ability to manage projects working with a diverse group of individuals across multiple geographies.
- Familiarity with ISO 27001, NIST, and other guidelines on information security controls.
- Certifications in one of more of the following is a plus: Certified Information Security Auditor (CISA), Certified Information Systems Security, Professional (CISSP) or Certified Information Security Manager (CISM)