Vulnerability Risk Analyst

We are seeking a skilled and detail-oriented Vulnerability Risk Analyst with 3+ years of experience in identifying, assessing, and managing vulnerabilities within an organization's IT infrastructure. The ideal candidate will have hands-on experience working with vulnerability management tools such as Qualys, ServiceNow, SCCM, and possess a solid understanding of risk management frameworks. In this role, you will collaborate closely with cross-functional teams to identify, evaluate, and mitigate vulnerabilities and risks across the organization, ensuring compliance with industry standards and organizational security policies.

Key Responsibilities:

• Conduct vulnerability assessments using tools such as Qualys, SCCM, and other industry-standard vulnerability scanners.
• Analyze, prioritize, and categorize vulnerabilities based on risk assessments and business impact, ensuring that remediation efforts are aligned with the organizations risk management strategies.
• Collaborate with IT, security, and business teams to implement and track remediation efforts for vulnerabilities and risks across critical systems.
• Maintain and improve vulnerability management processes, workflows, and procedures within ServiceNow, ensuring that vulnerabilities are tracked, managed, and resolved in a timely and effective manner.
• Develop risk assessments for identified vulnerabilities and make recommendations on mitigating actions, considering both the technical and business impacts.
• Ensure that vulnerability management processes align with risk management frameworks such as NIST, ISO 27001, or CIS Controls, and collaborate with stakeholders to align remediation with enterprise risk management goals.
• Assist in the identification and assessment of emerging security risks, providing input on risk mitigation strategies and the potential business impacts of vulnerabilities.
• Develop, track, and report on vulnerability and risk management metrics, dashboards, and reports to provide visibility into the effectiveness of vulnerability remediation efforts and the overall risk posture.
• Lead risk and vulnerability reviews, ensuring appropriate prioritization of remediation activities based on risk appetite and impact to the business.
• Collaborate with internal audit and compliance teams to ensure adherence to security policies and regulatory requirements.
• Stay current on the latest vulnerability trends, threat intelligence, and security best practices, incorporating them into the organizations risk management approach.
• Provide regular risk assessments and assist in developing risk mitigation strategies for high-risk vulnerabilities.

Required Qualifications:

• 3+ years of experience in vulnerability management, risk analysis, or IT security roles.
• Proven hands-on experience with vulnerability management tools, particularly Qualys, ServiceNow, and SCCM.
• Strong understanding of risk management frameworks such as NIST, ISO 27001, or CIS Controls, with experience in applying these frameworks to identify, assess, and mitigate risks.
• Experience in performing risk assessments, vulnerability assessments, and identifying risk exposure across IT and business systems.
• Strong analytical and problem-solving skills, with the ability to prioritize risks and vulnerabilities based on business impact and potential threats.
• Proficiency in creating and managing tickets and workflows in ServiceNow, ensuring effective tracking of vulnerabilities and risks.
• Ability to communicate effectively with both technical and non-technical stakeholders, providing clear risk assessments and recommendations.
• Experience in collaborating with cross-functional teams to address vulnerabilities, risk remediation, and mitigation strategies.

Preferred Qualifications:

• Experience in cybersecurity certifications such as CISSP, CISM, or CompTIA Security+.
• Familiarity with other vulnerability management or IT security tools.
• Experience in cloud-based environments or infrastructure as a service (IaaS).
• Prior experience in developing risk mitigation strategies and assisting in the creation of enterprise risk management policies.