The Business Analyst has responsibilities for conducting and coordinating technical vulnerability assessments across our IT infrastructure, applications and services, providing subject matter expertise recommendations towards the development of appropriate remediation plans and delivering clear and accurate reports detailing the organization’s level of security assurance against internal compliance and external threat measures. We are looking for an individual with experience of the technologies and processes to analyze, assess and report on vulnerability and configuration assessments across a complex multi-hospital network as well as demonstrating the skills to develop effective and trusting relationships with internal stakeholders.

This role is part of an Infrastructure Security team that delivers in-depth technical security services for our most critical applications and infrastructure to ensure that they are highly resilient against existing and emerging cyber security threats.

The functions listed describe the business purpose of this job. Specific duties or tasks may vary and be documented separately. The employee might not be required to perform all functions listed. Additional duties may be assigned, and functions may be modified, according to business necessity.
• Conduct scheduled security vulnerability and configuration assessments across global applications and infrastructure; and provide expert, technical remedial recommendations.
• Configure, operate and support the vulnerability management technologies and toolsets.
• Deliver the analysis and reporting of the organization’s security posture to key internal stakeholders.
• Create and maintain the set of unified key performance and risk indicators aligned to stakeholder requirements.
• Schedule, co-ordinate and manage the engagement process (with internal stakeholders and third-party vendors) for manual penetration tests performed by approved third party vendors.
• Promote and develop vulnerability assurance initiatives across all regions and work to improve existing security services, including the continuous enhancement of existing methodology material and supporting assets.
• Work with the Security Operations teams to monitor and research industry information sources for zero-day threats and vulnerabilities that impact Computershare.
• Work with the Security Governance teams on the iterative security configuration tests against the technical baseline security standards.
• Work with the Security Consultancy teams, to report on findings and respond to requests on threats and known vulnerabilities and the delivery of ad-hoc vulnerability scans.
• Establish and maintain strong, collaborative working relationships with global and regional technology infrastructure, application, and architecture teams.

Qualifications:
• A minimum of five years of technical experience with a strong foundational understanding of enterprise system, network and application architectures (including Microsoft, RHL).
• Comprehension of end to end vulnerability management workflow to include industry standards such as CVE, CPE, CVSS.
• Possess, or working towards, professional or industry certifications, such as, CEH, MCSA, CISSP, SANS, and have an understanding of the security principles outlined in NIST and ISO27000.
• Be a self-starter, be able to successfully prioritize and manage multiple complex tasks, and work well under pressure with limited supervision both individually and at times, with other team members.
• Excellent verbal and written communication skills with the ability to effectively articulate complex technical terms to both technical and non-technical audiences.
• Be able to adapt to a flexible working model, such as attending conference calls meetings outside of normal office hours.
• Knowledge of Microsoft Office tools, including Outlook, Word, Excel, and PowerPoint.
• Strong attention to detail, especially for producing quality work product with repetitive procedures.