Lead Cyber Security Analyst - Vulnerability Management - F&R
This role sits within our Financial & Risk ("F&R") business. On January 30, 2018, Thomson Reuters announced that it signed a definitive agreement to enter into a strategic partnership with private equity funds managed by Blackstone related to the company's F&R business. As part of the transaction, Thomson Reuters has agreed to sell a 55% majority stake in Financial & Risk and will retain a 45% interest in the business. Thomson Reuters will maintain full ownership of its Legal, Tax & Accounting and the Reuters News businesses. The transaction is expected to close in the second half of the year and is subject to specified regulatory approvals and customary closing conditions. When the transaction closes, this role will be included in the new F&R entity. Further information on this can be found at https://www.thomsonreuters.com/en/press-releases/2018/january/thomson-reuters-and-blackstone-announce-strategic-partnership-for-thomson-reuters-financial-and-risk-business.html
F&R is looking for a few highly skilled cyber security specialists to help staff a new location in the central business district of downtown Hoboken. This new facility will be home to a number of critical cyber security disciplines, designed to improve the overall security posture of F&R- including its assets, data and operations. Be part of an exciting, fast-paced environment that will help F&R strengthen its position.
We are currently seeking an Cyber Security Manager, Vulnerability Management to be located in our new Cyber Fusion Center in Hoboken, NJ. This position will report to the Director, Vulnerability Management in F&R's Information Security & Risk Management Organization. The Cyber Security Manager, Vulnerability Management will ensure that vulnerabilities are properly and timely identified with the goal of keeping F&R's infrastructure secure. This includes monitoring Vulnerability Management processes for performance, coordinating scanning schedules, risk acceptances, and serving as an administrator of the Vulnerability Management tool sets.
- Research and analyze vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
- Analyze vulnerability test results and engage with technology partners and business units in order to resolve identified vulnerabilities within SLAs.
- Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a an acceptable level based upon Realogy's policies and standards.
- Able to successfully partner with other information security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to F&R's environment and determine appropriate mitigating controls.
- Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
- Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.
- Analyze business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
- Review and/or escalate exception requests submitted to the Vulnerability Management team
- Using a risk based approach, analyze F&R's vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.
- Produce metrics and reporting on the state of system security, threat, vulnerability and patch management.
- Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
- Assist the team to maintain appropriate documentation that defines the Vulnerability Management Program, policies, and procedures.
- BS/BA degree in Computer Science/ Information Technology/ Information Security or related field or equivalent work experience
- 4+ years of experience in Information Security with a focus on Vulnerability Management
- 2+ years of work experience in Information Technology
- Previous experience working in large scale environments with diverse technologies
- Detailed knowledge of the Vulnerability Management process including vulnerability identification, false negative/positives identification & elimination
- Strong knowledge of Qualys, including configuration and maintenance, scan execution, cloud agent deployment and oversight
- Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
- Knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
- Knowledge of Cloud technologies such as AWS and Azure
- Knowledge of general network, platform, enterprise, cloud and security technologies
- Basic knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001&27002).
- Willingness and ability to travel domestically and internationally up to 15%
- Certifications such as Security+, CISSP, CISM, and GCTI
- Knowledge of scripting languages desired
- Knowledge in various operating systems and enterprise platforms to include: Windows, Linux/Unix, Mac OS, iOS, Android, Active Directory, .Net framework, Oracle business products, SAP, etc.
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
Intrigued by a challenge as large and fascinating as the world itself? Come join us.
To learn more about what we offer, please visit thomsonreuters.com/careers .
More information about Thomson Reuters can be found on thomsonreuters.com.
Hoboken-New Jersey-United States of America
Meet Some of Thomson Reuters's Employees
Software Engineer, Centre of Cognitive Computing
Lisa works with other engineers to develop products that are powered by artificial intelligence and capable of machine learning. She also conducts research to identify new uses for existing company data.
Back to top