
TE58P3 Security Analyst - Vulnerability Management

Chemical Abstracts Service
United States, Ohio, Columbus
2540 Olentangy River Rd
Jan 13, 2025
Description

CAS uses intuitive technology, unparalleled scientific content and unmatched human expertise to help companies create groundbreaking innovations that benefit the world. As the scientific information solutions division of the American Chemical Society, CAS manages the largest curated reservoir of scientific knowledge, and for 117 years, has helped innovators mine, assess and apply that information to keep businesses thriving. The CAS team is global, diverse, endlessly curious and strives to make scientific insights accessible to innovators worldwide.

CAS is currently seeking a Security Analyst - Vulnerability Management. This position will be located at our headquarters in Columbus, Ohio.

Position Summary:

This Information Security Analyst supports both ACS and CAS as an enterprise function. The Information Security Analyst is responsible for protecting the organization's information assets by identifying and partnering to remediate vulnerabilities in the environment using industry-leading tools and threat intelligence feeds. This role involves security assessments, analyzing scan reports, and collaborating with various departments to enhance the overall security posture of the organization. This role is responsible for collaborating with business partners to review, assess, and remediate vulnerabilities and harden security controls.

Job Accountabilities:



  • Regular attendance to your work location on the Columbus campus is a requirement of this role.
  • Proactively works with partners and suppliers to achieve objectives on time and within budget. Takes appropriate actions, when necessary, with partners/suppliers to build enterprise-class solutions, respond to issues/threats, and/or communicate to stakeholders, all utilizing efficient and effective tools and techniques to mature enterprise information security.
  • Program Development: Mature and maintain an effective information security vulnerability management program to identify, assess, and mitigate vulnerabilities in the organization
  • Conduct regular vulnerability scans on networks, servers, managed devices and applications.
  • Identify, analyze, and prioritize vulnerabilities based on risk and potential impact.
  • Use industry-standard tools to perform comprehensive vulnerability assessments.
  • Work with IT and development teams to ensure timely and effective remediation of identified vulnerabilities.
  • Develop and implement remediation plans, tracking progress, and verifying remediation completion.
  • Provide guidance and support to teams on best practices for vulnerability mitigation.
  • Manage and maintain vulnerability management tools and software.
  • Ensure tools are updated and functioning correctly and configure them for optimal performance.
  • Evaluate and recommend new tools or upgrades as needed.
  • Generate detailed vulnerability assessment reports and dashboards for various stakeholders.
  • Document and maintain an inventory of identified vulnerabilities and remediation efforts.
  • Provide regular updates to management on the status of vulnerability management activities.
  • Stay informed about the latest security threats, vulnerabilities, control frameworks, and industry trends.
  • Conduct research on new vulnerabilities and emerging threats relevant to the organization.
  • Participate in security forums and collaborate with external security experts.
  • Ensure vulnerability management practices comply with industry standards and regulatory requirements.
  • Develop, update, and enforce vulnerability management policies and procedures.
  • Support internal and external assessments related to vulnerability management and security compliance.
  • Follow industry and company best practices
  • Collaborate in implementation of security controls aligned to the Enterprise Information Security strategy
  • Actively engages in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify industry advancements, new techniques and new partners. Demonstrates a positive, proactive and thought leadership attitude to CAS and the greater security community
  • Apply previous experience and proactive research to problem solve
  • Ability to document technical processes to ensure accuracy and sustainability of job-related processes
  • Demonstrate cross-functional collaboration with all levels of personnel to achieve organizational and Enterprise Information Security objectives


Qualifications:



  • Bachelor's degree in Cyber Security, Information Technology, Computer Science or related field preferred.
  • 3-5 years of professional experience or equivalent combination of education and experience
  • Industry certifications (CISSP, CRISC, CISM, etc.) optional
  • Working knowledge of multiple industry standard security domains
  • Working knowledge of information security risk and control frameworks including NIST 800-171, CMMC, NIST CSF, and CIS Critical Controls
  • Excellent written and verbal communication skills, with the ability to communicate security concepts and vulnerability management strategies to technical and non-technical stakeholders
  • High level of attention to detail and accuracy in performing security assessments and documenting findings
  • Experience with and ability to implement security best practices
  • Experience with vulnerability management tools
  • Able to work independently and as part of a team
  • Demonstrated experience working with a team to solve technical problems
  • Demonstrated experience working with a team to solve process problems
  • Ability to focus on and achieve results
  • Demonstrated reliability and follow-through on commitments and assignments
  • Demonstrate professionalism and courtesy in all interactions
  • Demonstrated ability to implement security best practices
  • Work well under pressure (i.e. a critical system is down)


CAS offers a competitive salary and comprehensive benefits package, including a generous vacation plan, medical, dental, vision insurance plans, and employee savings and retirement plans. Candidates for this position must be authorized to work in the United States and not require work authorization sponsorship by our company for this position now or in the future. EEO/Minority/Female/Disabled/Veteran

Qualifications
Motivations
Self-Starter - Inspired to perform without outside help
Education
Bachelor of Computer Science (preferred)
Bachelor of Information Technology (preferred)
Bachelor of Information Systems (preferred)
Licenses & Certifications
CSA+ (CompTIA) (preferred)
CISSP (preferred)
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)