Subject Matter Expert - Vulnerability Management

Position Name : Vulnerability Management SME

Location : Bangalore

Work Mode : Initial 3 months WFO ( 5 days working ) Later Hybrid Mode- Thrice a week to the office

Shit Timing : 1:30PM-10:30PM IST

Job Description Summary :

Main Purpose of the Role :

- Support Vulnerability Management and Policy Compliance activities by guiding technology owners on remediation.

- Reduce vulnerability footprint through direct engagement with technology and product owners.

- Provide solutions for complex security issues and lead major vulnerability risk reduction initiatives.

- Ensure all processes are documented according to Company standards.

- Influence strategic risk reduction priorities across the organization.

- Ensure effective Information Security and IT risk controls across MUSI.

- Collaborate with global Information Security functions to ensure consistent standards.

- Ensure appropriate Information Security controls, strategies, and protection measures against cyber threats.

- Manage compliance with security policies, standards and procedures.

- Support interactions with auditors, regulators, committees, and head office.

Key Responsibilities :

- Under a dual-hat arrangement, you will act on behalf of both banking and securities entities in EMEA.

Vulnerability Management & Policy Compliance :

- Develop and maintain processes for assessing vulnerabilities, threats, and mitigating controls.

- Manage governance surrounding policy compliance (e.g., CIS Benchmarks, hardening frameworks).

- Review and validate vulnerabilities using available data sources and tools.

- Prioritise remediation based on risk assessment and threat evaluation.

Cyber Security Operations :

- Monitor and report on the security posture of digital presence (e.g., websites).

- Liaise with Technology and Business teams to ensure compliance with MUSI security standards.

- Collaborate with stakeholders to agree and drive remediation and mitigation actions.

- Support preparation for audits and regulatory reviews.

- Support remediation actions resulting from incidents and audit findings.

- Ensure technical safeguards are in place across:

- Windows & Unix systems

- Databases (Oracle, SQL, Sybase)

- Network infrastructure

Governance, Risk & Compliance :

- Maintain knowledge of current security laws, regulations, and best practices.

- Support penetration testing programs.

- Support Information Security and Operational Security activities as required.

- Contribute to Operational Risk reporting across EMEA.

- Act as an Information Security SME and trusted advisor for MUSI.

Skills & Experience Required :

- Experience as a Vulnerability Analyst or in Vulnerability Management.

- Strong understanding of Risk Assessment methodologies.

- Familiarity with scoring models (CVSS, CCSS) and data models (CPE).

- Knowledge of common vulnerabilities, attack vectors, and mitigation practices.

- Strong process orientation and attention to detail.

- Broad knowledge of IT systems, applications, networks, and security principles.

- Understanding of application development platforms.

- Exposure to exploit methods, attack chains, and vulnerability analysis.

- Experience with internal/external audits and audit relationship management.

- Bachelor's degree in Computer Science, Cybersecurity, or related field.

Desired :

- Experience with Qualys Cloud Portal.

- Cloud security experience (Azure / Oracle Cloud Infrastructure).

- Knowledge of cloud security frameworks and tools.

- Experience with DLP solutions, including policy creation and workflow management.