AVP - Patch & Vulnerability Management

Moody's

New York, NY

8 - 10 years

Posted 177 days ago

This job is no longer available.

The Moody’s Information Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business requirements. The team is responsible for the development, enforcement, and monitoring of security controls, policies, and procedures, and for the delivery of security services. The Information Security team sets the strategic direction for security within the organization and aligns with stakeholders throughout the company.

The Assistant Vice President will lead and guide all steps of Patch & Vulnerability Management. He or she will use Nessus (a Tenable tool that assists with managing vulnerabilities), document procedures, assist with what/where/when to patch, set up scans, and assist in coordinating patching efforts. The role also engages in awareness, coordinating and communicating the patch-management process to stakeholders.

Functional Responsibilities

  • Run a patch and vulnerability management program in a diverse global multi-technology environment
  • Assist in driving, enhancing, and continually improving Moody’s patch management program.
  • Serve as vulnerability management lead for applications, systems, and network components.
  • Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components.
  • Perform compliance scanning to analyze configurations and compare to established baselines, recommending remedial actions where necessary.
  • Engage with stakeholders, including IT professionals and management, to facilitate vulnerability discovery, remediation, and tracking.
  • Communicate security and compliance issues in an effective and appropriate manner.
  • Validate remedial actions and ensure compliance with security policy and remediation targets.
  • Perform risk assessments and make remediation recommendations to tech owners.
  • Periodically review vulnerability exception requests to ensure compliance with the exception process.
  • Maintain a vulnerability tracker to record identification, publication, remediation, and closure of vulnerabilities.
  • Ability to adapt and respond to environment and priorities; manage deadlines and projects.
  • Ability to exercise sound technical, interpersonal and organizational judgment while evaluating and solving complex problems.
  • Partner with system owners to identify upcoming end-of-life components, and plan to track their decommissioning.

Moody's Information Technology

Minimum education and work experience required for this position include:

  • At least 7 years of experience in IT industry, preferably in a financial services organization.
  • Minimum of 5 recent years of direct Patch & Vulnerability Management experience.
  • Background and experience in designing, defining and implementing Vulnerability Assessment tooling and services.
  • Good working understanding and knowledge of Tenable Security Center, Rapid7, Qualys, or other related tools.
  • Knowledge of Python scripting is a plus.
  • Interpersonal, collaboration, and negotiation skills.
  • Good understanding of data analysis, business process analysis, and reporting tools found within the Microsoft Office application suite.
  • Excellent understanding of project management methodologies & internal processes.
  • BS or BA degree, preferably in Technology.

Key Competencies

  • Ability to think with a security mindset. The successful candidate has an IT background with a good level of knowledge of multiple relevant security practice areas.
  • Experience in patch and vulnerability management program management, procedures, and processes.
  • Ability to work in a time-sensitive environment; must be detail oriented and able to multitask to meet deadlines and company objectives.
  • Experience in large, geographically diverse enterprise networks.
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
  • Develop procedures and process documentation.