Consultoria – Vulnerability Management Manager – Olivos

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Manager

Job Description & Summary

A career in our Threat, Intelligence and Vulnerability Management practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

Our team helps organisations to rapidly and effectively respond to threats against potential security incidents by helping to detect, respond to, investigate, and remediate threats across the incident management life cycle.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As a Manager, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

• Develop new skills outside of comfort zone.
• Act to resolve issues which prevent the team working effectively.
• Coach others, recognise their strengths, and encourage them to take ownership of their personal development.
• Analyse complex ideas or proposals and build a range of meaningful recommendations.
• Use multiple sources of information including broader stakeholder views to develop solutions and recommendations.
• Address sub-standard work or work that does not meet firm’s/client’s expectations.
• Use data and insights to inform conclusions and support decision-making.
• Develop a point of view on key global trends, and how they impact clients.
• Manage a variety of viewpoints to build consensus and create positive outcomes for all parties.
• Simplify complex messages, highlighting and summarising key points.
• Uphold the firm’s code of ethics and business conduct.

Roles and responsibilities –

The successful candidate will have a range of responsibilities, including working to design, build and operate Vulnerability Management programs from people, process, and technology perspectives. Key responsibilities include:

• Drive the configuration of vulnerability assessment tools, including the integration of feedback from IT owners to reduce false positives.

• Perform analysis and prioritization of identified vulnerabilities, along with remediation recommendations.

• Prepare vulnerability data and reports for both technical and executive audiences.

• Identify timelines/programs and guide teams to address vulnerabilities, including system patching, deployment of specialized controls, code or infrastructure changes, and changes in build engineering processes.

• Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology partners and support teams.

• Design and oversee delivery of actionable dashboards and scorecards.

• Review and coordinate changes to patching policies, procedures, standards, and audit work programs in a continuous improvement model.

• Drive protection of valuable information and maintain the confidentiality and integrity of data through:

  • Knowledge of security management, network & protocols, data, and application security solutions.

  • Knowledge of industry trends, including current and emerging risks.

• Stay abreast of relevant legislation, regulatory requirements, guidelines, and industry developments relating to data protection, privacy, security, and data governance. Provide analysis of impacts to key stakeholders.

Preferred Knowledge/Skills –

• Experience with end-to-end Vulnerability Management processes (i.e., the VM lifecycle) and tools (e.g., host-based and application scanners), patch management, GRC tools, and ITSM.

• Working knowledge of common tools used in the VM lifecycle, including ITSM, CMDB, etc.

• Advanced understanding of operating system and application security, administration, and debugging.

• Understanding of security controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).

• Well versed in operating systems such as Windows environments, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks, and vulnerability and threat management tools.

• Experience with Vulnerability Management products from vendors such as Qualys, Tenable and Rapid7.

• Excellent verbal and communication skills.

• Strong interpersonal relationship skills.

• Ability to self-motivate when given strategic goals.

Education Qualification – Bachelor’s degree in Computer Science, Computer Engineering, Information Security, Cybersecurity

Certifications Preferred – Certification in vulnerability scanning products from Qualys, Tenable or Rapid7 highly desirable. Relevant SANS training experience a plus (e.g., SEC460, SEC560)