Vulnerability Governance Intern (Cybersecurity)

What you’ll be doing

Functional Responsibilities

1. Managing vulnerability governance for all applications in Global Corporate Systems & Services (EDW).
   • Managing security vulnerability management for all application towers under EDW (ERP, BI, Billing, and HPTools). Remediation and fix deployment on application level should cater to individual application risk assessment.
   • Joins a bi-weekly call with each application tower, discussing respective tower's vulnerability status as overall. Using that meeting platform to address remediation area to prioritize.
   • Generating vulnerability report from Panaseer Vulnerability Management and MARS DB in identifying non-conformance (finding over-due SLA) for remediation prioritization. Bi-weekly sprint data needs to be populated in centralized listing in performing remediation through sprint-by-sprint flow.
   • Identifying and reporting false-positive findings to Threat and Vulnerability. Require evidence acquisition and engagement with relevant team (eg:vendor) in clarification of the issue.
2. Security Risk issue Governance
   • Ensuring risk issues for all towers are being addressed in timely manner and due process with Archer GRC application.
   • Coordinating risk issue remediation completion, ensuring to deliver by due date assigned.
3. Monthly OS patching management for hosts reside under EDW tower ensuring schedule patches deliver as requested.
   • Ensuring monthly OS patching schedule shared to owners for review and updated to the latest and reflecting the current patching time requested by servers and/or application owner.
   • Following up with failed OS patching incident through incident ticket and ensuring that they are addressed by DSG team.
   • Vulnerability fixes associated with OS patching that were not deployed would be addressed in an ad hoc patch schedule. Engagement with server team and maintenance team requires in doing so the deployment of fix would be within the SLA of detected vulnerability.

Internal Relationship Management

• Day-to-day interaction will take place with Release Management, Support and Project teams globally.
• Maintain effective working relationships with other regions peers/teams.
• Working with business partners to understand and develop user stories and appropriate test cases.
• Working with business partners to provide feedback, metrics, and insight regarding test results and released changes.
• Coordinate communications within support and users for corporate system.

Application of Processes, Controls, Standards and Measures

• Ensure consistent delivery controls are met as mandated by Release Management standards.
• Ensure that consistent documentation, processes and procedures are used for all deliveries.
• Adherence to Experian service management documentation and change standards.
• Ensure that audit and information security standards are consistently adhered to and maintained.
• Ensure measurement and metrics are collected, collated, documented, and maintained.
• Adherence to efficient and effective standards for delivery activities and follow department standards for the software development life cycle.