Company Description
**About us, but we'll be brief**
Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we've been name in the 100 "World's Most Innovative Companies" by Forbes Magazine.
**Job Description**:
**What you'll be doing**
**Responsibilities**
- This is an independent role, responsible for driving the development of vulnerability management metrics, gathering feedback from senior leaders in the organization, and being able to articulate metrics to senior leaders
- Evaluate and define functional requirements for vulnerabilities, flaws, and misconfigurations metrics
- Understand the end-to-end Cloud and Attack Surface Management metrics process including metrics collection, tracking, and reporting.
- Develop, maintain, and run advanced reporting, dashboards, scorecards and analytical results
- Communicate metrics to system owners and business partners on outstanding vulnerabilities, issues, and concerns.
- Develop and automate vulnerability metrics with specific procedures for data collection, analysis, and charting, partnering with necessary teams as appropriate.
- Determines requirements for technical solutions and tools to effectively implement Vulnerability Metrics
- Maps metrics back to strategic objectives for providing insight into the effectiveness and efficiency of Cloud and Attack Surface Management
- Develops vulnerability KPIs/metrics to demonstrate coverage and remediation effectiveness
- Develops program efficacy metrics to support platform stability and improvements
- Review business and internal requests for new or vulnerability management reporting, design the solution, and develop metrics
- Work with stakeholders to identify risk-based vulnerability management metrics that align with the security program and security risk management.
- Develop procedures to structure the metrics and reporting framework as part of a long-term strategy
- Produce timely scoping documents outlining the requirements for business requests
- Provide actionable recommendations to critical stakeholders based on data analysis and findings related to vulnerability management processes requiring reporting
- Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.
**Qualifications**:
**What your background looks like**
- Four-year college diploma or university degree in computer science or computer engineering, and/or 5 years equivalent work experience.
- 5+ related experience in Cyber Security/Information Security and Vulnerability Management reporting
- Experienced in tools like SQL, Tableau, MS Excel, etc.
- Experienced with collaboration tools such as JIRA, ServiceNow, Confluence, etc.
- Understanding of end-to-end security metrics process including metrics collection, tracking, and reporting, including ownership and responsibilities for each activity.
- Understanding of Common Vulnerability Scoring System (CVSS), including calculations and implications of base, temporal, and environmental scoring factors
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from various sources for the purposes of detailing results and analyzing findings to provide sophisticated threat intelligence.
- Familiarity with architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7, and ServiceNow.
- Ability to provide creative solutions to complex problems
- Ability to clearly communicate the risk of vulnerabilities to all levels within an organization.
- Knowledge of major cloud platforms (AWS, Azure, or GCP).
- Ability to manage, organize, analyze, and present substantial amounts of data
- Experience with large-scale and complex environments
- A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies
- Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management, and security and controls
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood and actionable manner
**Personal Attributes**
- Excellent interpersonal skills and strong verbal and written communication
- Proactive attitude, seeking improvement opportunities that can positively impact the security posture and the business
- Outstanding writing and documentation skills
- Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously
- Able to communicate ideas in both technical and user-friendly language
- Highly self-motivated and directed, with keen attention to detail
- Able to prioritize and execute tasks in a high