This position will work within our Global Security Compliance team to perform security governance, compliance and remediation activities with an initial emphasis on vulnerability management. The candidate must have strong written and verbal communication skills in the English language, strong organization skills and a basic understanding of cybersecurity principles and concepts.
Responsibilities may include:
- Perform vulnerability management governance. Support our accountability model, partnering with business owners while holding them accountable. Help to expand the program to include application security, penetration testing, and address unmanaged systems.
- Perform vulnerability triage. Gather, interpret and summarize results of various vulnerability reports and Security Alert Bulletins to determine and prioritize security risk associated with newly released vulnerabilities that may impact the software/hardware/applications utilized within HPE.
- Oversee vulnerability remediation. Manage critical vulnerability cases with urgency. Collaborate with Global Security stakeholders to identify critical vulnerabilities, notify business owners and hold them accountable for remediation through closure within the required timeframes and for reporting back to the Compliance team once complete.
- Perform lab compliance. Support our oversight model including, scan data analysis, reporting, announcements, owner identification, subnet blocks and vulnerability suppression. Expand effectiveness in R&D and other lab environments.
- Perform compliance evaluations. Conduct security compliance audits of business processes with global security impact. Contribute to the evidence-based, business user-driven Compliance Evaluation Process, with periodic sample reviews for compliance.
- Be an Advocate. Promote the global security program and cooperation across HPE business units.
- Know the industry. Stay abreast with emerging IT and cybersecurity technologies as well as industry trends within the cybersecurity governance, risk and compliance landscape.
- Know our company. Learn and support HPE’s strategic priorities, products and services.
- Have flexibility to meet coworkers in EMEA and US time zones Monday-Thursday when needed.
Education and Experience Required:
- Bachelor’s Degree or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems or related curriculum.
- At least 2 years of related experience in information security with an emphasis in governance, compliance, vulnerability management, IT audit and/or risk management.
- CISSP, CISM, CISA, CCSK or other professional security certifications a plus.
- Solid understanding of, and passion for, cybersecurity compliance and vulnerability remediation management.
- Knowledge of one or more security industry frameworks, such as ISO/IEC 27001/2 and NIST CSF.
- Ability to build relationships, engage and influence others and work with diverse teams and levels of an organization.
- Excellent time management skills with the ability to perform multiple tasks meeting critical deadlines while maintaining accuracy and quality.
- Excellent analytical and problem solving skills
- Strong teamwork and collaborative skills.
- Strong organization, prioritization, and rationalization skills.