Spl'st, Risk App.

Job ID: 32587

Location: Bukit Jalil KL, MY

Area of interest: Technology

Job type: Regular Employee

Work style: Office Working

Opening date: 13 Aug 2025

**Job Summary**
- Senior Vulnerability Threat Management Analyst will be part of the Cyber Risk Remediation team under the CIO function and lead the vulnerability management activities for retail bank division. The Analyst will play a vital role in coordination, analysis, reporting and remediation of vulnerability findings to achieve security goals and risk reduction target for the department. The role requires optimal engagement with various stakeholders including technology delivery leads, information security officers and Collaborate with IT teams to develop and track effective remediation plans for identified vulnerabilities.
- Governance - Drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a large organization. Oversee data collection and reporting of vulnerability metrics for the board, CIO, and CISO leadership. Maintain strong working relationships with IT engineering, operations, and other stakeholders to track and expedite vulnerability remediation targets.
- Prioritization - Assessment / analysis of vulnerability scan results to prioritize vulnerabilities based on severity, potential impact, and exploitability while aligning with the remediation priorities with the organization’s security standards.
- Remediation Planning - Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders. Collaborate with IT teams to develop and implement effective remediation plans for identified vulnerabilities.
- Risk Assessment - Evaluate the potential impact of vulnerabilities on the organization's systems and data. Collaborate with risk management teams to assess the overall risk posture and prioritize mitigation efforts. Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes)

**Key Responsibilities**

**Strategy**
- Drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a large organization. Oversee data collection and reporting of vulnerability metrics for the board, CIO, and CISO leadership. Maintain strong working relationships with IT engineering, operations, and other stakeholders to track and expedite vulnerability remediation targets.
- Remediation Advisory & Planning - Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders. Collaborate with IT teams to develop and implement effective remediation plans for identified vulnerabilities.

**Business**-
**Processes**
- Prioritization - Assessment / analysis of vulnerability scan results to prioritize vulnerabilities based on severity, potential impact, and exploitability while aligning with the remediation priorities with the organization’s security standards.

**People & Talent**

**Risk Management**
- Risk Assessment - Evaluate the potential impact of vulnerabilities on the organization's systems and data. Collaborate with risk management teams to assess the overall risk posture and prioritize mitigation efforts. Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes)

**Governance**
- Governance - Drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a large organization. Oversee data collection and reporting of vulnerability metrics for the board, CIO, and CISO leadership. Maintain strong working relationships with IT engineering, operations, and other stakeholders to track and expedite vulnerability remediation targets.
- Vulnerability Analysis: Comprehensive knowledge of vulnerability scanning tools (such as Tenable and Qualys), familiarity with common security vulnerabilities (like the OWASP Top 10), and the capability to evaluate their severity and impact on the business.
- Exploitability Analysis / Threat Modelling: Expertise in identifying and assessing potential threats and vulnerabilities, evaluating their exploitability, and developing strategies to mitigate associated risks.
- Remediation: Proficient in various remediation techniques, including patching and configuration changes, with a solid understanding of the effectiveness of different approaches.
- Scripting/Programming: To be able to understand and recommend code level fixes in Java. Proficiency in scripting languages to automate tasks, analyse data, and develop custom solutions for vulnerability remediation.
- Networking: Strong grasp of IPv4 and IPv6 networks, including network protocols and security concepts.
- Operating Systems: Proficient in both Windows and Linux patching systems