Vulnerability Management Expert

Overview

The Data Security Services team in Singapore provides day-to-day operational support for the IT infrastructure of Europe (primarily France and UK) and Asia remotely from Singapore. France infrastructure accounts for approximately 80% of the worldwide production activities supported in Singapore. The team operates across both Asia and Europe time zones, and this role will primarily align with France, UK, and Singapore working hours. Flexible rotations may apply depending on operational needs.

The team's operational support covers the following areas:

• Vulnerability Management Services

• Endpoint Security Technologies (Anti-virus, Host Intrusion Prevention Systems, etc.)

• Data Leak Prevention Systems

• Encryption Solutions (Disk, File & Folder Encryption)

• Database Audit Monitoring Solutions

• Phishing Prevention Solutions

Responsibilities:

• The Vulnerability Management Expert is an individual contributor role within the Data Security Services team, responsible for owning and driving the Vulnerability Management function, with support from platform teams for remediation activities. This role requires close collaboration with multiple cross-functional IT teams.

• Act as the primary point of contact for Vulnerability Management matters and provide consultation on vulnerabilities identified by scanning tools.

• Guide Infrastructure and Application teams in remediating vulnerabilities within their scope.

• Prepare and execute the Vulnerability Management Plan across all lifecycle phases.

• Ensure vulnerability scans are scheduled, configured, and executed as planned investigate failed scans and reschedule where required.

• Conduct regular IT asset discovery, coordinate with CMDB owners for asset tagging, and onboard new assets into the Vulnerability Management tool.

• Assess identified vulnerabilities by analyzing risk profile and environmental impact.

• Lead discussions with Infrastructure and Application teams to explain vulnerability relevance and business impact.

• Identify false positives, understand environmental limitations, and facilitate Risk Acceptance processes with relevant stakeholders.

• Collaborate with Windows, Unix, Network, and other Infrastructure teams on remediation efforts.

• Maintain Vulnerability Dashboards and provide reports for technical teams and management.

• Ensure compliance with defined KPIs and provide regular progress reporting.

• Escalate risks, issues, or delays to management in a timely manner.

• Provide subject matter expertise for Vulnerability Management services.

• Lead remediation planning arising from Penetration Testing findings.

• Conduct threat exposure scans, assess applicability, and coordinate remediation initiatives.

• Participate in stakeholder meetings across multiple regions and time zones.

• Propose, plan, and execute service improvement initiatives.

• Adhere to internal policies, compliance, regulatory, and financial security requirements.

• Prepare weekly, monthly, and ad-hoc reports for management.

• Stay updated on emerging threats and vulnerabilities and assess their relevance to the environment.

Requirements:

• 10-12 years of overall IT experience, 6-8 years of IT Security experience and 5+ years managing Vulnerability Management processes in a large enterprise environment

• Bachelor's / Master's Degree / Engineering Degree in Information Technology, Computer Science, or equivalent

• Hands-on experience managing Vulnerability Management programs

• Strong knowledge of vulnerabilities across operating systems, networks, databases, and application servers

• Ability to assess vulnerabilities and prioritize remediation based on risk

• Experience working with cross-functional IT teams in production/operations environments

• Strong risk-based decision-making capability

• Hands-on administration of Tenable Security Center / Nessus in large enterprise environments

• Reporting and dashboard creation for different management levels

• Strong Excel, PowerPoint, and Word reporting skills with graphical trending analysis

• Proficiency in PowerShell or SQL

• Experience using BI tools such as Power BI

• Broad knowledge of Information Security domains

• Prior experience in the Financial Services industry is highly preferred

• Strong understanding of ITIL processes

• This role is mainly aligned to Asia and EMEA time zones. However, additional work outside standard hours may be required for urgent or critical threat management situations.

Flexible Roster Hours:

• General Shift: 10:00 AM - 7:00 PM SGT

• General Shift: 11:00 AM - 8:00 PM SGT

• Afternoon Shift: 12:00 PM - 9:00 PM SGT (based on operational needs)

Preferred Certifications:

• CISSP (Certified Information Systems Security Professional)

• GIAC Enterprise Vulnerability Assessor (GEVA) or equivalent Vulnerability Management certification

• CREST Certification

If you are keen, please email your updated resume to [Confidential Information]

EA License no.14C7275/Registration no. R1434860

Please take note that only shortlisted candidate will be contacted. Thank you