Global IT Vulnerability Manager

A Word About Us

Capco is a global business and technology consultancy dedicated solely to the Financial Services
industry, with over 20 offices in Asia, North America and Europe. We are the Swiss Army Knife of the
financial services industry, helping our clients deliver projects in areas including:
- Banking
- Capital Markets
- Finance, Risk & Compliance
- Insurance
- Payments
- Wealth & Investment Management
- Digital

Capco Asia Pacific operates from three locations Hong Kong (Asia Headquarters), Singapore and
Kuala Lumpur, with each office conveniently located in the most central business districts. Having
grown APAC to 1000+ employees, our seasoned consultants specialize in helping our clients tackle
some of the most pressing issues in Asias financial services industry.
As financial institutions are hit with waves of regulation, cost pressures and the rise of non-traditional
competitors, we help our clients simplify complexity to remain relevant in this day and age. With our
deep Financial Services expertise combined with our nimble entrepreneurial values, we think like a
start-up and execute like a Multi-National.
Through our hands-on consulting expertise, we go beyond strategy. We create target operating
models, reduce costs, design digital interfaces, reengineer processes, manage risk and regulatory
compliance In short we help form the Future of Finance.

Job Overview
The Global IT Security Vulnerability manager reports to the Chief Information Security Officer and is
responsible for the identification and scanning of vulnerabilities using the QualysGuard cloud
vulnerability management system. The vulnerability manager will then be accountable for managing
the remediation of such vulnerabilities in line with the Capco Information Management Policy
Framework and ensuring that vulnerabilities are remediated in an appropriate timescale. The
Vulnerability manager will work with the IT Endpoint administration team to patch systems using the
IBM BigFix tool.
The vulnerability manager will also be responsible for the implementation and maintenance of
Capcos QualysGuard Compliance Manager instance and for creating, communicating and
implementing processes and procedures to ensure that compliance to CIS baselines is maintained
and managed.

Key Responsibilities & Experience

Relevant experience required in a Vulnerability Management environment:

3+ years related experience in a global enterprise environment

 5+ years of vulnerability management experience
3+ years QualysGuard and Qualys Compliance Manager experience
Schedule, plan and manage authenticated vulnerability scans across the enterprise.
Liaise with the IT Endpoint team to schedule, plan and Install security patches for both
OS-level and 3rd party products
Manage and administer the QualysGuard cloud instance
Experience with implementing vulnerability management across a multi-national
organisation
Work with the SIEM team to ensure vulnerabilities are correctly analysed
Experience of QualysGuard within a hybrid on premise and AWS environment
Perform troubleshooting of failed agent installations, up to and including escalating to and
working with the vendor to resolve the issue
Design and produce reporting on a weekly, monthly, quarterly and annual basis
Create scheduled activities in Web Reports to send out preconfigured reports to sets of
concerned users
Be a strategic member of a technical organisation
Hands on experience with troubleshooting QualysGuard communication issues in a large
multisite deployment needed
Develop and maintain Standard Operating Procedures for QualysGuard application and
agents
Diagnoses and troubleshoots problems with Servers, software, and communications
devices
Provide escalation support for technical support and assistance to junior administrators
Interfaces with vendors to ensure appropriate vulnerability resolution
Develops and implements testing strategies and document results
Troubleshoots and resolves complex problems
Maintains current knowledge of relevant hardware and software applications as assigned
Participates in special projects as required
-Troubleshooting Proficient at Systematic analysis to diagnose and trace data flow to
determine cause and effect of issues.
-Strong Communications, Problem Solving, Leadership and analytical skills;
-Able to assess and solve issues in a high-pressure environment.
-Strong organisational skills; Must be able to multitask without sacrificing attention to
details.
-Able to work effectively with other groups and teams.
-Must be able to come up to speed on new project areas quickly as this role will grow
quickly
Operations experience in a variety of server based operating system - MS Server 2008
and above
Familiar with security, best practices and methodologies

Relevant certifications would be a plus e.g.

QualysGuard, VM, PC and WAS

CISSP, CISM