
Date live: Nov. 24, 2025

Business Area: Chief Information Security Office

Area of Expertise: Technology

Reference Code: JR-0000076993

Contract: Permanent

Join us as a Vulnerability Management Governance Analyst within Vulnerability Management Governance. The team owns the Operating Model for vulnerability management within Barclays and is accountable for ensuring that it is regularly updated, reviewed and approved in line with documentation requirements.

The team is accountable for approval of issues raised against the VM Standard and status tracking to completion, ownership of the VM Metric definitions, monthly and weekly VM reporting of performance against metric thresholds and commentary on any underperforming metrics.

The Governance team acts as the gatekeeper for all audit and regulatory engagement and fulfils the Supplier Management role in dealings with third parties providing services directly to the VM Operations team.

This is a varied role where you will be working on different vulnerabilities all the time; no two days are the same.

To be successful as a Vulnerability Management Governance Analyst, you should have experience with:

  • Developing and implementing governance frameworks, policies, and procedures within a global financial institution.
  • Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment.
  • Clear and influential communication, capability of engaging technical teams, business units, and senior stakeholders.
  • Guiding, influencing, and inspiring cross-functional teams, with a focus on strategic direction and collaboration.

Some other highly valued skills may include:

  • Proficiency in defining and tracking Key Performance and Risk Indicators for vulnerability remediation, Service Level Agreement adherence, and risk reduction.
  • Experience chairing governance forums, steering committees, and audit reviews, with a focus on audit readiness and evidence-based reporting.
  • Effective project delivery skills with a consistent record of producing high-quality outputs on time.

You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen, strategic thinking, and digital and technology, as well as job-specific technical skills.

The location of this role is Knutsford.

Purpose of the role

To keep our customers, clients, and colleagues safe by identifying cyber-vulnerabilities across the Bank, using a risk-based approach to prioritise them, and to drive effective remediation activity. 

Accountabilities

  • Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host.
  • Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment.
  • Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affected business units, using reports and dashboards, and provision of recommendations for improvement in vulnerability management practices.
  • Collaboration with Threat Intelligence and Cyber Operations teams to assess and contextualise exposure to the latest threat trends and exploits and set appropriate remediation timescales.
  • Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications.
  • Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators.

Analyst Expectations

  • To perform prescribed activities in a timely manner and to a high standard consistently driving continuous improvement.
  • Requires in-depth technical knowledge and experience in their assigned area of expertise.
  • Thorough understanding of the underlying principles and concepts within the area of expertise.
  • They lead and supervise a team, guiding and supporting professional development, allocating work requirements and coordinating team resources.
  • If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.
  • OR for an individual contributor, they develop technical expertise in work area, acting as an advisor where appropriate.
  • Will have an impact on the work of related teams within the area.
  • Partner with other functions and business areas.
  • Takes responsibility for end results of a team’s operational processing and activities.
  • Escalate breaches of policies / procedure appropriately.
  • Take responsibility for embedding new policies / procedures adopted due to risk mitigation.
  • Advise and influence decision making within own area of expertise.
  • Take ownership for managing risk and strengthening controls in relation to the work you own or contribute to. Deliver your work and areas of responsibility in line with relevant rules, regulation and codes of conduct.
  • Maintain and continually build an understanding of how own sub-function integrates with function, alongside knowledge of the organisation's products, services and processes within the function.
  • Demonstrate understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function.
  • Make evaluative judgements based on the analysis of factual information, paying attention to detail.
  • Resolve problems by identifying and selecting solutions through the application of acquired technical experience and will be guided by precedents.
  • Guide and persuade team members and communicate complex / sensitive information.
  • Act as contact point for stakeholders outside of the immediate function, while building a network of contacts outside team and external to the organisation.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.
