Listing Description
A bit about us:
The future of banking is here! We’re building the next generation of banking technology and actively transforming the way we operate at Zions Bancorporation. In turn, our Enterprise Information Security department is hiring folks at all levels, from Analyst to Manager.
Enterprise Information Security (EIS) is integrated with the Technology division (860+ people), and is responsible for enabling secure innovation and business growth for 13,000 employees across 11 states. What’s great about our department is that we laugh with each other, have Executive- and Board-level visibility and support for our work, and are driving highly-visible, enterprise-wide initiatives. We’re focused on creating business value and are seeking like-minded professionals to join our team!
Let’s talk about you:
Do you…
• lead by example?
• enjoy collaborating with and influencing others to achieve the right outcomes?
• love securing information assets from malicious users?
• want to work on the implementing leading-edge solutions to enterprise challenges?
• demonstrate persistence in reaching goals in the face of adversity?
• function as team player who isn’t afraid to challenge the status quo?
• want to work on a team where your input matters?
• think in terms of confidentiality, integrity, and availability?
• excel in learning things quickly and thoroughly?
• enjoy sharing your hard-earned knowledge to help others grow and make a real difference?
• transform ambiguity into focused, productive, impactful outcomes?
• love to get things done, the right way, the first time?
If you think systematically, achieve purposefully, speak diplomatically, and act with integrity, the EIS department can’t wait to hear from you!!
The scope and impact of your work:
As the Manager, Cyber Vulnerability Management (MCVM), you are a collaborative, analytical, detail-oriented technology leader who can articulate risk, manage complex projects, and build cross-functional excellence to secure technology ecosystems. You’re not one to accept “we’ve always done it this way” and lead a team of analysts responsible for evaluating, tracking and reporting on system vulnerabilities ranging from industry-identified common vulnerabilities and exploits (CVEs) to specific weaknesses identified through penetration testing. The CVM functions include:
• Manage a continuous vulnerability scanning program encompassing a vast network of internal and public-facing IT assets across multiple platforms and architectures
• Define and implement risk ratings, models, and hierarchies to identify the impact, severity and overall risk of vulnerabilities
• Track, measure, correlate, and report on vulnerability identification, stakeholder notification, and remediation
• Evaluate specific applications, infrastructure, and systems for potential vulnerabilities and exploits, including system dependencies or architectural characteristics that might lead to increased exposure, beyond industry-identified CVEs
• Analyze and report on vulnerability trends over time to identify areas of weakness and/or prioritization
• Liaise with key vulnerability management stakeholders across the company for improved communication, coordination and process improvement, including Information Technology, Cybersecurity Architecture, Enterprise Architecture, Planning & Delivery, Business Technology, Enterprise Risk Management, and Internal Audit
• Provide vulnerability insight to inform the company’s cybersecurity risk assessment process for applications, vendors, systems, and services
• Scope and facilitate independent penetration testing performed by third parties
• Lead automation efforts in the detection, categorization, reporting, tracking, and remediation of identified vulnerabilitiesThe ideal candidate possesses a strong blend of analytical and interpersonal collaboration skills, to identify and manage complex technical problems while simultaneously leading coalitions of stakeholders across disciplines to remediate identified issues, including:
• Lead a team of skilled analysts in the domains of vulnerability scanning, penetration testing, stakeholder notification, automation, reporting, and risk analysis
• Manage collaborative relationships across information technology and cybersecurity domains related to vulnerability management, including facilitation of regular project meetings and status reporting
• Provide key input into information technology and cybersecurity strategies regarding asset management (especially end-of-life system management), application rationalization, information security control design and control testing, risk assessment, threat intelligence, and other cybersecurity domains
• Establish and maintain a culture of engagement, ownership and collaboration across teams to break down siloes and build broad-based support for cyber initiatives and continual improvement
• Attract, recruit, and retain exceptional cybersecurity talent in the areas of vulnerability management, penetration, analytics and automation, including development of existing team members
• Lead proactive preparation for audits and regulatory exams, and facilitate timely and thorough resolution of identified issues
Qualifications
• 6+ years of cybersecurity and/or information technology experience at the enterprise level, with 2+ years directly supervising the activities of others with cybersecurity or information technology responsibility
• Exceptional communication, collaboration and organizational management skills, including:
• Ability to produce high-quality reports and presentations that accurately and concisely convey complex technical content in a meaningful way
• Ability to lead multi-stakeholder discussions on sensitive topics, build consensus and influence leaders toward positive outcomes
• Demonstrated leadership capabilities, including experience bringing ideas from concept to execution, motivating, leading, and guiding teams through periods of growth and transition, and building productive, collaborative relationships with other functions
• Technical experience with networks, operating systems, applications and other aspects of information technology architecture, particularly relating to vulnerability management
• Familiarity with vulnerability management concepts and tools, including automated vulnerability scanning, penetration testing, static and dynamic application testing, and reporting/analytical tools (e.g., Tableau, Qlik, PowerBI)
• Conceptual understanding of cybersecurity technologies such as firewalls, IDS/IPS, CASB, WAF, EDR, SIEM, DLP, DAM, UEBA, etc.
• Prefer experience in cybersecurity and/or information technology in a regulated industry (e.g., financial services, healthcare, government, etc.)
Listing Details
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: High School Diploma
- Travel: No Travel
- Telework: Optional Telecommute