Assoc. Dir. Ddit Isc Vulnsvcs Role

**Summary**:
The role is part of DDIT ISC Security Operations in Vulnerability Services team. The person will focus on reducing risk exposure from security vulnerabilities through design, implementation and operations of VulnSvcs products that implement the VulnSvcs processes. Plays an active role in analyzing vulnerabilities for reduction and management. Objective of this role is to implement VulnSvcs processes through technology engineering, operations and ensuring effective use for wide array of stakeholders and users. Actively engage and work with VM team to analyze vulnerabilities posture and reduction. Role requires experience with vulnerability management/remediation solutions setup, end user focused product mgmt. and operations through strong collaboration with cross functional teams. Acumen with vulnerabilities/configuration issues, remediation/mitigation analysis, risk assessment, influencing stakeholders for timely mgmt., and operating security service is key. -Oversees security operations service line, technology governance and external/internal interfaces in accordance with service operations and management processes.

**About the Role**:
**Major accountabilities**:

- As a lead, own the design, implementation, roadmap, and operational oversight for VulnSvcs products to centralize and or operate the related processes:

- Ownership of VulnSvcs business requirements, translating to technical solution requirements, working with cross functional teams to manage implementation.
- Proactively monitor and govern engineering and support operations of the VulnSvcs solutions such as ServiceNow (SecOps module, custom modules), exposure mgmt. independently and aligned external/internal individuals.
- Identify problem areas and drive identification of root causes as well as sufficient prevention of recurrences.
- Lead product vendor/CSM connects to address Novartis requirements/issues.
- Plan, influence and deliver VulnSvcs products roadmap and maturity.
- Stay up to date with latest product features, perform POCs, finalize implementation requirements, ensure planned production.
- Develop and maintain documentation of related process and best practices.
- Provide security awareness and training to teams on VulnSvcs solutions and Mgmt.
- Implement security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of solutions from technical vulnerabilities.
- Monitor and prioritize security vulnerabilities through risk analysis to understand potential impact and translate vulnerability severity as security risk.
- Flexibly support emergency response for 0-day vulnerability remediation.
- Defines remediation activities for security assessment gaps as they pertain to IT Security Management

**Key performance indicators**:

- Stable, compliant, secure, and cost-effective operations measured by Availability, Performance, Capacity, Security Metrics -Responsiveness and Recovery Speed of critical incidents/issues in business -Learning Agility, ability to evaluate and launch new services and capabilities -Productivity gains and defect reduction through continuous improvement -Automation led Security Operations Services -Integration of Applications and Infrastructure into Centralized Security Platforms
- Adequacy and maturity of VulnSvcs technology and processes.
- Technical expertise proven in identifying, reviewing, and improving risk posture.
- Ensure Application/project satisfied with the risk, security, and remediation advisory.
- Reducing the number of vulnerabilities by adapting remediation wherever possible
- Cross skill collaboration and feedback from the various stake holders

**Minimum Requirements**:
**Work Experience**:

- 10+ years of overall working experience in information security preferably in Vulnerability Management, Security Patching and Security Operations domain.
- At least 5+ years of relevant experience in security domain dealing majorly with vulnerability analysis, remediations, and assessments.
- Experience with centralizing threat vulnerability management process & technologies.
- Experience of sourcing complex IT services, product management and working closely with vendors for effective use of capabilities.
- Demonstrated leadership skills through experience in middle management and/or engagement with large security/development program stakeholders.
- Risk.
- Accountability.
- Strong cross functional leadership.
- Relationship Management.
- Strategy Development.
- Operations Management and Execution.
- Collaborating across boundaries.
- Project Management.
- Interactions with senior management.
- People Leadership.

**Skills**:

- SNOW SecOps and related vulnerability products integration.
- Acumen in designing and guiding implementation of vulnerability management solution workflows, integration design of vuln detection tools, hands-on testing and ideation of related product features, product security operations.
- Persuasive communication skills to