Vulnerability and Compliance Analyst in Alpharetta, GA at HUNTER Technical Resources

Date Posted: 9/14/2020

Job Description


Develop an automated process to produce regular reports communicating the status of the Information Security program to multiple teams (Security, Compliance, Engineering, Management and other teams)

Reviews corporate Information Security policies and standards and aligns them to relevant control standards for teams to adhere to.

Organizes and updates documentation and responds to inquiries in an organized and repeatable fashion. Example: PCI, PII, FedRAMP, MSAG etc.

Builds and maintains knowledge base of vulnerabilities with suggested remediation. Define best strategies and evangelize.

Builds and operates the platform to document, measure, and report assessments, risks, controls, findings, and remediation activity

Work with the teams to prioritize the security relevant stories in backlog

Derive KPIs and produce metrics for management to review the progress

Have a complete understanding of various security vulnerabilities, methodologies and their risk ratings

Oversee Risk Management Exception Escalation meetings with Leadership.

Engineering Support:
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Research, evaluate, recommend or plan the implementation of new or updated information, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools/process

Operational Support:
  • Manage and coordinate operational components of security incident management, including detection, response and reporting.
  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
  • Manage security projects and provide expert guidance on security matters for other IT projects.
  • Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
  • Review compliance requirements and align a proactive approach to remain ahead of reporting needs.
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
  • Provide information security communication, awareness and training to the squads and tribes as needed.
  • Engage in table top exercises to produce evidence based on process.
  • Continuously improve processes and implement tools for policy management