hirist

Security & Compliance Analyst - Vulnerability Management

Ace Recruit
Gurgaon/Gurugram
12 - 16 Years

Posted on: 06/03/2026

Job Description

Role Overview :


We are seeking an experienced Security & Compliance Analyst with strong expertise in Vulnerability Management, Governance Risk & Compliance (GRC), and IT Service Management practices. The role focuses on strengthening organizational security posture through proactive risk identification, vulnerability remediation, compliance governance, and cross-functional stakeholder collaboration.

The ideal candidate will possess hands-on experience in enterprise security operations, risk-based remediation strategies, and automation-driven security improvements within Unix/Linux midrange environments.

Key Responsibilities :


Security & Vulnerability Management :


- Manage end-to-end vulnerability lifecycle including identification, prioritization, remediation tracking, and reporting.

- Perform risk-based analysis using CVSS scoring and business impact assessment.

- Drive vulnerability remediation programs ensuring SLA compliance and backlog reduction.

- Collaborate with infrastructure and application teams to remediate security findings.

- Support patch management governance across enterprise platforms.

Governance, Risk & Compliance (GRC) :


- Support implementation and adherence to organizational security and compliance frameworks.

- Conduct risk assessments and ensure alignment with internal and regulatory security standards.

- Track compliance metrics and provide audit-ready reporting.

- Participate in security incident response and threat analysis activities.

- Maintain governance documentation and compliance evidence.

Service Management & Process Improvement :


- Work closely with Incident, Problem, and Change Management teams following ITIL V4 practices.

- Perform Root Cause Analysis (RCA) for recurring security and operational issues.

- Raise and track RFCs to mitigate risks and prevent incident recurrence.

- Develop dashboards and reporting mechanisms for security visibility.

Automation & Stakeholder Engagement :


- Implement automation workflows to improve remediation efficiency.

- Collaborate with DevSecOps, infrastructure, and application teams for security integrations.

- Communicate technical risks effectively to business stakeholders and leadership.

- Present security performance metrics and improvement plans to management forums.

Required Skills & Experience :


Technical Skills :


- Vulnerability Management tools : Qualys VMDR (preferred)


- Unix/Linux Platforms : RHEL, AIX, Solaris, Oracle Linux


- Service Management Tools : ServiceNow (SNVR, CMDB, dashboards)

- Patch Management & Remediation Tracking

- Security Risk Analysis & Compliance Monitoring

GRC & Security :


- Governance, Risk & Compliance (GRC) processes

- Security Incident Management

- Risk Prioritization & Threat Analysis

- Audit & Compliance support

ITSM :

- ITIL V4 framework

- Incident, Problem & Change Management

- Root Cause Analysis (RCA)

Qualifications :


- Bachelor's degree in Computer Science or related field.

- 5 - 7 years of experience in Security, Risk & Compliance or Vulnerability Management roles.

Preferred Certifications :


- ITIL V4 Foundation (Mandatory/Preferred)

- Qualys VMDR Certification

- CompTIA Security+ (or equivalent security certification)

- Relevant cybersecurity or GRC certifications are an advantage.

Key Competencies :


- Strong analytical and risk assessment skills

- Excellent stakeholder management and communication

- Automation mindset with continuous improvement focus

- Ability to manage cross-functional security initiatives

- Data-driven decision-making approach

Key Outcomes Expected :


- Improved vulnerability remediation efficiency

- Reduced security backlog and risk exposure

- Enhanced compliance posture

- Strong governance and audit readiness

- Improved visibility through reporting and dashboards

