Website GBG
***Whilst primarilly remote this role will require some office attendance – at our Chester hub or London hub. Please only apply if you are able to attend one of these locations.***
About GBG
GBG is the leading expert in global identity and location. In an increasingly digital world, GBG helps businesses grow by giving them intelligence to make the best decisions about their customers, when it matters most.
Every second, our global data, agile technology, and expert teams, power over 20,000 of the world’s best-known organisations to reach and trust their customers.
Learn more at www.gbgplc.com and follow us on LinkedIn and X @gbgplc
Why you should be@GBG
We make the world a safer place
We trust each other and win together
We are local experts in a global business
We want you to be yourself
We grow when you grow
The Team
GBG’s Information Security team of c30 team members, enable delivery of GBG’s business strategy by ensuring GBG is secure and trusted. The team provides four core capabilities:
· Governance, Risk and Compliance.
· Cyber Defence.
· Product Security.
· Security Architecture.
The Role
The Vulnerability Engineer is responsible for implementing GBG’s Threat & Vulnerability Management Programme. You will lead on the identification, prioritisation and remediation tracking of vulnerabilities to ensure that GBG is securely maintained and operated in line with legislative, regulatory, and business security requirements. You will work closely with cross-functional teams to implement security measures and provide guidance on best practices. Additionally, you will stay up to date with the evolving threat landscape and proactively research emerging threats.
What you will do
Providing effective leadership and helping to navigate through senior management and business approvals, thereby ensuring vulnerabilities are managed appropriately and within documented SLAs.
Engineer a robust and risk-based strategic approach to Vulnerability Management.
Identify strategic risks and devise controls to mitigate threats.
Provide vital oversight to identify and manage critical risks.
Manage and track identified vulnerabilities, ensuring recommendations for threat remediation are followed.
Enhance or reporting processes, providing clear and concise reports to multiple stakeholders.
Foster an agile mindset and continuous improvement within vulnerability management.
Work closely with Security Engineering and DevOps teams across GBG to prioritise the removal of security vulnerabilities based on business risk.
Stay informed of new vulnerabilities that could impact the GBG and its customers.
Monitor and respond to vendor and security research notifications.
Support GBG’s Cyber Security incident response capabilities.
Create and maintain vulnerability management policies, procedures, and training programmes.
Support relationship management with 3rd parties delivering technical assurance services to GBG.
Requirements
What We’re Looking For
Good understanding of OWASP, MITRE, CVSS, CWE and other standards/frameworks/scoring systems relevant to vulnerability management
Command a solid grasp of on-premises and cloud networking and network security devices.
Certified in CISM, CISSP, CSSLP, CRISC or equivalent.
Have good knowledge and understanding of application security technologies.
Are proficient and experienced with vulnerability scanning tools.
Experience in providing risk-based vulnerability management and the benefits of implementing such a process.
Show ability to track, report on, and drive non-compliance remediation.
Capable of reviewing and prioritising vulnerabilities based on common risk exception and mitigation concepts.
Showcase experience in providing clear, potent briefings and reports to senior stakeholders on security status and progress.
Benefits
To find out more
Click here to see more about what’s important to us, including our flexible working policy, our commitment to ESG, I&D and much more.
To chat to the Talent Attraction team and find out more about our benefits, drop an email to [email protected] and we’ll be in touch!
Make life@GBG work for you.
Diversity & Inclusivity:As an equal opportunity employer, we are committed to providing fair opportunities for everyone regardless of age, gender, race, religion, sexual orientation, parental status or disability. Everybody is welcome and our inclusion and diversity programme, be/yourself, is designed to ensure that you can thrive. Please inform your GBG Talent Attraction Partner if you require any reasonable adjustments to the interview process.