大手証券会社でのIT Security Vulnerability Management Coordinatorの求人

1) Job/Group/Function Overview:
We employ a robust Vulnerability Management (VM) team, members of which are located in all of its major regions, namely EMEA, Americas, India, and Japan. This team is separated into two varied areas:
・Vulnerability Management - Operations
・Vulnerability Management - Coordinators
Operations is responsible for the day to day BAU requirements of VM operations along with vulnerability and policy based remediation, analysis, notification and tracking. Members are also responsible for designing, implementing and maintaining our IT Security Policy and strategies.
Coordination is more focused on remediation of the vulnerabilities. They will be using the regular scan results and work with the varying remediation teams to remediate the vulnerabilities within set Vulnerability Guidelines.

2) Responsibilities:
This position is primarily a coordinator role (Wholesale), but will also have operational responsibilities (Retail) due to this role serving both Wholesale and Retail.
As a Lead to VM Coordinator out of JP in Wholesale
・Coordinate information and actions across all Regional Teams (other regional VM leads and coordinators), meeting with them regularly through regional handovers.
・Work with other Regional VM Coordinators and Regional IT Security Leads on Regulatory, Audit and KRI reporting ensuring the VM scanning, vulnerability and policy based efforts ensuring policy, SLAs and reporting KRIs.
・Manage wholesale vulnerability remediation efforts within JP region and globally.
・Work with application owners and support teams on all VM remediation efforts

As an Operational role for Retail
・Manage Day to day VM operations in Rapid7, coordinate and manage weekly scans, ensure scan success, policy based scans, analyse scan success, track Vulnerability trends and work on VM related projects, tooling and efficiency gains.
・Track and improve scanning success.
・Work alongside VM Development team to create scripts and tooling to improve reporting, troubleshooting, and analysis. Provide detailed analysis on Zero-Day, Celebrity Vulnerabilities, and Perimeter Scan assessments.

The position also will be required to know and work along with other teams in these varying areas
・Threat Intelligence
・Security Operations Centre
・Security Surveillance
・Vender Risk Management
・Cyber Incident Response and Forensics
・Penetration Testing and Red Team Exercises
・Governance, Risk, and Compliance (GRC),
・Security Architecture
・IT Security Policy Setting
・Information Security Management and Training

All team members will need to perform project management activities (Change the Bank (CTB)), as well as operational activities and support (Run the Bank (RTB)).

Mandatory:
・Approximately 5 or more years of IT Security experience in the domains listed in the “Responsibilities” section above or at least 10 years of IT experience with at least 1-2 years of experience in the domains listed in the “Responsibilities” section above.
・Must have solid critical thinking skills and be able to collect and analyze evidence from logs, monitoring and other diagnostics
・Must have good organization, communication, and coordination skills
・Must be able to consistently apply procedures.
・Prior experience with server administration (on Windows, UNIX, Database, Networks platforms)
・Must have prior experience in an IT operations/support role and IT Security
・Strong Operational Knowledge and conceptual understanding of other infrastructure and Security technologies as it pertains to servers, database, core services, and networks.
・Ability to prioritize and effectively triage issues.
・Ability to effectively balance time between day-to-day support work and project-related tasks.
・Strong verbal and written communication skills. Ability to cope with business needs and to respond to and address production situations promptly.
・Ability to communicate and act professionally with IT staff and business clients while under strict deadlines.
・Ability to work in a team-oriented setting is a definite requirement with strong interpersonal skills.
・Ability to deal with changing priorities and work with global teams

Preferred:
・Any security certifications, such as: Nexpose NCA/NACA, AWSCS, PCCSE, CISSP, CISM, CISA, Security+, CEH, CCSK, or similar industry recognized certifications.
・Vulnerability Management Tooling (Rapid7 or other VM Tooling background)
・Operational Support Experience within MS Active Directory or Exchange infrastructure
・Operational Support Experience within Red Hat Enterprise Linux, or Solaris based systems
・Operational Support Experience within Networking
・Experience in either project management or ITIL service management
・Other best-practice IT certifications such as ITIL or COBIT
・Working Knowledge with Service Now and/or CMDB concepts
・Knowledge of controls frameworks such as NIST CSF, NIST SP 800-53, ISO 27001/2, CIS, and FISC.

Personal Characteristics:
・Strong communication skills, ability to work comfortably with different regions and technology teams
・Good team player, ability to work on a local, regional and global basis and as part of joint cross location teams and cross functional teams.
・Ability to be pro-active and self-manage tasks through to completion.
・Able to perform under pressure.

Japanese Language skills:
Nice to have but not an absolute requirement for this role.