Senior Vulnerability Management Analyst

Location: Portugal, Poland, BrazilWork model: Hybrid (1-2 days per week in the office)This is one of a key cybersecurity role within the global Information Security organization. The individual fulfilling this Information Security Manager role in Vulnerability Management team will partner closely with IT professionals both within the core Global Information Security organization and those in the Global Business Units performing assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy and management.RESPONSIBILITIESDelivering on a portfolio of tasks as part of Vulnerability Management ServiceSupporting the Vulnerability Management team in vulnerability scanning and other ad hoc testing, identifying and evaluating vulnerabilities in web applications and infrastructureConducting comprehensive vulnerability assessments and continuous monitoring across IQVIAApply IQVIA’s vulnerability ratings to externally rated vulnerabilities to help the business prioritize remediationSupport the business lead vulnerability remediation activitiesMaintain an oversight of existing vulnerabilities in the IQVIA estateDevelop and document operational procedures and metrics in relation to carried out activitiesUtilize information security technical safeguards and associated procedures, analyzing output and producing relevant management information reports for further improvements in the security safeguards landscape, including vulnerability assessment, threat intelligence and patchingSupport audit efforts that identify technical and procedural findings, and provide recommended remediation strategies/solutionsCollaborate with the business, technology teams and information security management to ensure that control deficiencies are registered and remediatedReporting regularly to management on the status of assigned activities including issues, risks and remediation actions.Support and laisse on penetration testing activities for business units All responsibilities are essential job functions unless noted as nonessential (N).REQUIRED KNOWLEDGE, SKILLS AND ABILITIESInformation system security management, information security, troubleshooting, information systems, quality assurance and control, network security, cyber threat modelingKnowledge of computer networking concepts and protocols, and network security methodologies and OSIKnowledge of industry tools for security scanning and vulnerability management solutions (Qualys, Tenable Nessus or Nexpose)Working knowledge of enterprise IT and cloud technologies such as networking, server infrastructure, operating systems (MS Windows and Linux), web applications and databasesWorking knowledge of cybersecurity principles, algorithms, protocols and technologies supporting encryption, authentication, access control, information systems attack patterns, intrusion detection, and network securityKnowledge of IT processes (ITIL) in regulated environmentsKnowledge of ethical hacking principles and techniques, and Application Security Risks (eg. OWASP)Excellent written and verbal communication skillsEffective organization and time management skillsAbility to write with purpose, clarity and accuracyAbility to work both within a team environment and independently to initiate and prioritize tasksAbility to establish and maintain effective working relationships with coworkers and management in a global environment.Hands-on experience in security testing of web applications and infrastructure is a plusKnow-how of scripting languages is a plusExperience in ServiceNow is a plus.MINIMUM REQUIRED EDUCATION AND EXPERIENCECandidate should have a minimum of 3 years Vulnerability Management experience or 5 years prior experience in information assurance, incident handling, vulnerability management and vulnerability analysis, and assistance programsCandidates should possess an Bachelor's degree in Computer science, cybersecurity, information technology, software engineering, information systems, computer engineering and preferably have experience within a regulated industry environmentAn ITIL or project management certificates are not required but beneficial.A relevant qualification: CompTIA Security, CASP+, CEH, GIAC (GSEC, GCED etc.), SSCP or similar is a plus.IQVIA is a leading global provider of advanced analytics, technology solutions and clinical research services to the life sciences industry. We believe in pushing the boundaries of human science and data science to make the biggest impact possible – to help our customers create a healthier world. Learn more at