Senior Vulnerability Management Analyst

at  endeavour group

LET’S CREATE A MORE SOCIABLE FUTURE TOGETHER

At Endeavour, we’re totally into what we do. With a portfolio that includes Dan Murphy’s, BWS, ALH Hotels, Pinnacle Drinks and more, we love to bring people together. Together we share our passion for our products and industry; it’s what inspires us to dream big, and continue to create new experiences for our customers and teams across Australia. If you thrive on positive energy, we want to meet you!

Job Description

• Be uniquely you, come as you are
• Work within an industry leading business
• Be a key player within the Cyber Security strategy

As a Senior Vulnerability Management Analyst, you will be a critical part of the Endeavour cybersecurity team and a key implementer of the Cyber Security strategy via engagement with stakeholders, both in the business and operations side .
The ideal candidate will oversee assurance and provide guidance on implementing a proprietary Control framework for the organisation. This involves collaborating with both business and technical teams to devise remediation plans and offer insights on optimal outcomes to mitigate risks using the approved frameworks used by Endeavour Group..
In this position, you’ll also be tasked with evaluating and addressing findings from stakeholder interactions, focusing on Vulnerability assurance and advice to safeguard organisational infrastructure and mitigate key risks. You will need to identify, assess, and manage cybersecurity vulnerabilities including infrastructure, cloud and penetration testing within the Endeavour group and its affiliated banners. A significant portion of the role involves nurturing relationships with stakeholders to effectively address cybersecurity vulnerabilities.
Additionally, you’ll closely collaborate with the Cyber Security Risk team to ensure ongoing management and awareness of current risk exposure. You’ll also liaise with the application security and architecture teams for any penetration testing engagements.
Sound good? Read on.

Here is a taster of what you can expect in this role:

• Be responsible for the Management of the end to end implementation of approved control frameworks and provide recommendation to help business prioritise remediation, aligning with the Cyber Security Strategy
• Be responsible for the Vulnerability Management strategy and implementation
• Be responsible for managing penetration testing activities from owning the framework to liaising with third parties and business stakeholders
• Be responsible for the testing of critical controls in relation to critical Assets and identifying key threat exposures
• Be responsible for managing zero days by providing advice on the exposure and probability of exploitation of vulnerabilities in the EGL Landscape.
• Be responsible for the reporting of the current state of control effectiveness and vulnerabilities reporting
• Be responsible for identifying, triaging and managing cybersecurity vulnerabilities within the Endeavour group and its banners and the threat exposure. The role will be internally faced with a strong need to manage relationships with stakeholders to ensure the optimal management of cybersecurity-related vulnerabilities.
• Provide active support in remediation activities pertaining to organisational and cloud infrastructure needs.
• Work closely with the Cyber Risk Team to manage the remediations of risks.
• Create awareness and perform analysis of new vulnerabilities that are to be communicated to the teams.
• Conducting assurance of the state of vulnerability remediations in the organisation via tool sets.
• Contribute to Cyber Security standards and central cyber strategy when required (post assurance work) under the guidance of the Security Architecture Team

Qualifications

Now let’s talk about you:

• Be proficient in well-known Control Frameworks such CIS Top 18,MITRE, OWASP, SANS, PCI-DSS and NIST CSF and have the willingness to learn any other approved Frameworks
• Extensive hands-on experience in Controls Assurance
• Strong experience in Vulnerability Management and experience in any SCAP compliant tools
• Innovative mindset to resolve issues and align with business needs
• Proven ability in providing advice on configuring and integrating systems
• Proven skills in managing vendor relationships.
• Ability to interact with broad range of stakeholders to explain and enforce Security measures
• Ability to conduct a range of assessments, including maturity assessment, stakeholder requirements, on a wide variety of projects.
• Self-motivated and able to manage multiple priorities and tasks concurrently.
• Relationship building capability with experience of dealing with people at all levels and across cultures