Job Description
The Senior IT Vulnerability Management Business Analyst works as a liaison among stakeholders in order to elicit, analyze, communicate and validate requirements for changes to business processes, policies and information systems. This role will understand business problems and opportunities in the context of the requirements and recommend solutions that enable the organization to achieve its goals. The Senior Analyst will interpret and transform information based on business requirements and provide the data for delivery. Responsibility also includes conducting detailed research of vendor products and assisting with general project management.
The Senior IT Vulnerability Management Business Analyst will be directly involved with working with the Enterprise Risk team, the Enterprise Infrastructure teams, GSC Engineering, and the Enterprise Application teams. This position will be directly working with the process of identifying, evaluating, treating, and reporting on security vulnerabilities in IT and OT systems and the software/applications that run on them.
Seek opportunities continuously to increase customer satisfaction and deepen relationships.
Identify vulnerabilities found and create reporting and tracking of the remediation and/or mitigation of the vulnerabilities.
Push creative thinking beyond the boundaries of existing industry practices and client mindsets. Suggest areas for improvement in internal processes along with possible solutions.
Collaborate with peers across Cybersecurity in support of any business process analysis and documentation.
Participate in the planning and design of enterprise vulnerability management program, under the direction of the Cybersecurity Vulnerability Manager, where appropriate.
Provide input, help prepare and update Vulnerability Management roadmap, develop, maintain, and publish project plans and operation schedules.
Facilitate and coordinate vulnerability assessment and scanning, review of assessment results, patching, and remediation activities related to the Operational Technology environment and IT environment including workstations, servers, storage, databases, appliances, web applications and network devices.
Collaborate on and provide vulnerability results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities.
Act as an interface between business units, technology teams, cybersecurity, and support teams.
Communicate effectively to internal team to drive remediation.
Working within the BA framework of Cybersecurity create and maintain operational documentation including Entity Relationship Diagrams, Data Dictionaries, Functional/Technical Specs, and other documentation as required.
Provide training and documentation for supported applications.
Utilize existing systems to track and manage remediation efforts.
Provide application expertise as a project resource.
Analyze, document, and improve workflows, processes, and standards.
This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.
This position is eligible to work in the office three days a week and has the option to work remotely two days a week.
FORMAL EDUCATION:
Required:
Bachelor's Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business)
KNOWLEDGE & EXPERIENCE:
Required:
5+ years IT and/or Business experience.
Well versed in Microsoft Office applications including Excel, PowerPoint.
Understanding of various essential business functions of an organization.
Strong technical knowledge ie. Windows OS, Linux, container environments and cloud.
Strong communication skills and able to present to different leadership in the organization.
Preferred:
Experience evaluating and/or explaining cybersecurity threats and vulnerabilities.
Experience with Agile methodologies.
Experience with ServiceNow Platform.
Personal Attributes:
Strong written and oral communications skills.
Proven ability and initiative to learn and research new concepts, ideas, and technologies quickly.
Strong systems/process orientation with demonstrated analytical thinking, organization skills and problem-solving skills.
Ability to work in a team-oriented, collaborative environment.
Ability to quickly pick up new tools and technologies.
Willingness and ability to train and teach others.
Ability to facilitate meetings and follow up with resulting action items.
Ability to prioritize and execute tasks in a high-pressure environment.
Strong presentation and interpersonal skills.
Business exposure to manufacturing industry.
Ability to work effectively in a multi-cultural environment, and to lead and influence cross-organizationally with and without direct authority.
Ability to effectively move forward on tasks even with ambiguous or changing requirements.
Strong commitment to inclusion and diversity.
Minimal travel, up to 5%, may be required.
Work outside the standard office 7.5-hour workday may be required.
Sherwin-Williams is proud to be an Affirmative Action, Equal Employment Opportunity, Inclusion and Diversity Supportive Employer. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identify, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
VEVRAA Federal Contractor requesting priority referral of protected veterans.
