Job content

Job Description Summary

As part of GE Aviation’s Cyber Security & Technology Risk organization, this individual will lead the GE Aviation Enterprise Vulnerability Management (EVM) program. As the business vulnerability manager, this individual will be responsible for executing and managing a program to measure, evaluate, and reduce business risk related to infrastructure and application vulnerabilities. This individual will also work to drive process enhancement, simplification and increased process visibility.

Job Description

Essential Responsibilities:

  • Lead, execute and adjust the UK EVM program to measure and reduce business risk related to open vulnerabilities, including missing patches, obsolescence, configuration issues and unsupported applications.
  • Define and lead the UK compliant application testing program to ensure that application code is tested in line with regulatory compliance requirements.
  • Define integration for OT technology vulnerability assessments with the UK EVM program
  • Define and measure key performance indicators (KPIs) and key risk indicators (KRIs) related to scan coverage, vulnerability exception counts and business risk across the Aviation Systems UK DT Product Categories.
  • Identify and resolve gaps related to scanning, vulnerability remediation and reporting issues
  • Review and manage Aviation vulnerability and patching exception requests from a local business risk perspective and provide general risk assessment advisory services to application and asset owners, aligned to GE Aviation global approaches
  • Lead time-sensitive Code Red vulnerability response to remediate highest criticality vulnerabilities across enterprise, OT and lab/test cell assets, and regulated environments
  • Lead time-sensitive UK regulatory vulnerability response to remediate highest criticality vulnerabilities across enterprise, OT and lab/test cell assets in line with regulatory requirements and demands
  • Lead campaigns to systematically and strategically reduce business risk by closing open vulnerabilities with the help of application owners, asset owners, and support groups
  • Communicate program objectives and metrics to Aviation CTR and DT Product Category leaders
  • Coordinate stakeholders across GE Aviation DT to socialize and drive change regarding IT controls and risk assessments
  • Partner with GE Aviation EVM team on enterprise initiatives

Qualifications:

  • Bachelor’s Degree in Computer Science, Engineering, Information Technology or related field, or 4 years of equivalent working experience.
  • Well-rounded experience with IT risk assessment, assurance and/or control testing processes

Desired Characteristics:

  • Enterprise vulnerability management experience to include patch management and remediation activities in a large company
  • Understanding of Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST)
  • Previous Secure Development Lifecycle or Application Assessment experience
  • Hands-on experience with scanning tools (Nessus Pro, Tenable.SC, Qualys)
  • Familiarity with ServiceNow CMDB and GRC tools
  • Security-related certifications (e.g. CISSP, CEH, CISM, CISA, CSSLP, CCNP)
  • Experience with scripting languages (Python, Ruby, Perl) and BI tools (Tableau, SiSense)
  • Strong planning & project management skills
  • Strategic thinking and ability to build and communicate a program Roadmap based on stakeholder priorities and customer feedback
  • Good and demonstrated communication skills with technical and non-technical communities
  • Proven ability to coordinate and influence large groups
  • Good analytical skills, attention to detail and ability to methodically troubleshoot complex issues

Flexible Working

GE supports and encourages flexible working arrangements, where possible, and recognises the benefits to employees of having a positive work-life balance.

Total Reward

At GE Aviation we understand the importance of Total Reward. Our flexible benefits plan, called FlexChoice, gives you freedom, choice and flexibility in the way you receive your benefits, as well as giving you the opportunity to make savings where possible.

As a new joiner to GE, we are pleased to be able to offer you the following as default in your benefit fund, which you can then tailor to meet your individual needs:

  • Performance based annual bonus
  • Non-contributory Pension
  • Life Assurance
  • Group income protection
  • Private medical cover
  • Holiday: hourly equivalent of 26 days, with flexible option to buy or sell

Security Clearance

Baseline Personnel Security Standard (BPSS) clearance is required and must be maintained for this role. Please note that in the event that BPSS clearance cannot be obtained, you may not be eligible for the role and/or any offer of employment may be withdrawn on grounds of national security. Please see the link below for further details regarding the requirements for BPSS clearance: BPSS

Right to Work

Applications from job seekers who require sponsorship to work in the UK are welcome and will be considered alongside all other applications. However, under the applicable UK immigration rules as may be in place from time to time, it may be that candidates who do not currently have the right to work in the UK may not be appointed to a post if a suitably qualified, experienced and skilled candidate who does not require sponsorship is available to take up the post. For further information please visit the UK Visas and Immigration website.

Additional Information

Relocation Assistance Provided: No


Deadline: 21-06-2024
