Company Description
**About us, but we'll be brief**
Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society.
We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for.
In addition, for the last five years we've been name in the 100 "World's Most Innovative Companies" by Forbes Magazine.
**Job Description**:
**What you'll be doing**
The Attack Surface Mgmt Metrics Specialist is responsible for activities related to establishing Attack Surface Mgmt regional/global reports, embracing a risk-based approach, with the goal of enhancing Attack Surface Mgmt metrics
**Responsibilities**:
- Evaluate and define functional requirements for vulnerabilities, flaws, and misconfigurations metrics
- Understand the end-to-end Attack Surface Mgmt metrics process including metrics collection, tracking, and reporting.
- Develop, maintain, and run advanced reporting, dashboards, scorecards, and analytical results
- Communicate metrics to system owners and business partners on outstanding vulnerabilities, issues, and concerns.
- Develop and automate vulnerability metrics with specific procedures for data collection, analysis, and charting
- Determines requirements for technical solutions and tools to implement Vulnerability Metrics effectively
- Maps metrics back to strategic objectives for providing insight into the effectiveness and efficiency of Attack Surface Mgmt
- Develops vulnerability KPIs/metrics to demonstrate coverage and remediation effectiveness
- Review business and internal requests for new or vulnerability mgmt reporting, design the solution, and develop metrics
- Work with stakeholders to identify risk-based vulnerability mgmt metrics aligning with the security program and security risk management.
- Develop procedures to structure the metrics and reporting framework as part of a long-term strategy
- Produce timely scoping documents outlining the requirements for business requests
- Provide actionable recommendations to critical stakeholders based on data analysis and findings related to vulnerability management processes requiring reporting
- Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.
- This is an independent metrics specialist role, responsible for driving the development of vulnerability mgmt metrics, gathering feedback from senior leaders in the organization, and being able to articulate metrics to senior leaders
**Qualifications**:
**What your background looks like**
- Formal Education & Certification
- Four-year college diploma or university degree in computer science or computer engineering, and/or 3 years equivalent work experience.
- Knowledge & Experience
- 5+ related experience in Cyber Security/Information Security and Vulnerability Management reporting
- Experienced in tools like SQL, Tableau, MS Excel etc.
- Experienced with collaboration tools such as JIRA, ServiceNow, Confluence etc.
- Understanding of end-to-end security metrics process including metrics collection, tracking and reporting, including ownership and responsibilities for each activity.
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from various sources for the purposes of detailing results and analyzing findings to provide sophisticated threat intelligence.
- Knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7 and ServiceNow.
- Ability to provide creative solutions to complex problems
- Ability to clearly communicate risk of vulnerabilities to all levels within an organization.
- Knowledge of major cloud platforms (AWS, Azure, or GCP).
- Ability to manage, organize, analyze, and present substantial amounts of data
- Experience with large-scale and complex environments
- A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies
- Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management, and security and controls
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood and actionable manner
Personal Attributes
- Excellent interpersonal skills and strong verbal and written communication
- Proactive attitude, seeking improvement opportunities that can positively impact the security posture and the business
- Outstanding writing and documentation skills
- Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously
- Able to communicate ideas in both technical and user-friendly language
- Highly self-motivated and directed, with keen attention to detail
- Able to prioritize and execute tasks in a high-pressure environment
- Ability to work inde