Listing Description

Vulnerability manager

Team: Information Security

Reporting to: Head of Information Security Guernsey

Location: Guernsey

Contract: 12 months FTC with possible extension

Job Purpose

The vulnerability manager will be responsible for managing the full, end-to-end lifecycle of security vulnerabilities from discovery to prioritization to remediation, minimising the risk of external threats by ensuring that IT systems are regularly updated and vulnerabilities are identified and remediated.

Making use of a range of tools to identify, classify and prioritise vulnerabilities, manage the implementation of remedial patching or alternative solutions to minimise risk.

Management reporting of vulnerability and patching status

Emergency response to critical vulnerabilities to secure the estate.

Key deliverables

• Patching and vulnerability status reporting


• Patching schedules covering server operating systems, datacentre infrastructure, client operating systems, network infrastructure, mobile devices and business applications.


• Management of an offshore vulnerability remediation resource


• Ensuring operating system patching schedules are maintained and implemented across the estate.


• Recommendations to minimise risk for components that are end of life and will no longer receive security updates.


• Operational Management of the vulnerability tools including supplier service management.


• Achieving and maintaining compliance with agreed information security standards.

Relationships

• Head of IT Delivery


• Agilisys Shared services Head of Information Security


• Agilisys Shared services leadership


• Client senior IT & information assurance management


• Service delivery managers


• Service team managers for EUC, Hosting, Applications, SAP & Networks


• Project managers.

Skills and Experience

• Customer focused and influential, with a high desire to drive results.


• Good knowledge of Vulnerability Management and use of associated tools, processes, and reporting, with experience within Local Government, or a large company.


• Management of remote or offshore operations services.


• Experience of working with recognised IT Security standards and frameworks such as PCI-DSS, ISO27001, NIST CSF, GovS 007 and Cyber Essentials.


• Desirable - Proven experience of staff / team management


• Desirable - CompTIA Security+, CompTIA Network+, CISM, CISSP, CCSP or similar certification and training


• Desirable – Familiarity of working to ITIL service standards and associated training, certification, and experience.


• Desirable - Understanding of Information risk management and compliance, including technical security risk assessment and treatment.