You are an established information systems risk professional with foundational knowledge in a range of technologies and hacking techniques that gives you the breadth to make well-informed risk assessments.
You make recommendations in order to devise & drive a vulnerability management program that ensures business & technology leadership knows the risks, the remediation priorities are defensible and remediation takes place in a timely fashion.
You are organized and process oriented, able to think and work holistically across a range of teams to devise workable processes that map to compliance requirements but avoid undue burden on operations in order to best ensure that risks are identified early, assessed properly, escalated when needed and get treated.
The purpose of the role is to ensure that Real Matters and its suppliers operate all platforms in a risk conscious and acceptable posture to minimize risks of intrusion, disruption, theft or misuse.
Take control over existing vulnerability management processes, review, assess and plan a new and better program in consultation with security and technology leadership
Ensure regular vulnerability assessment of all technology platforms prioritized by system risk, with a focus on automation of both assessment and reporting
Establish and chair a vulnerability management committee to review system state both tactically and strategically with the relevant technology SME and technology management personnel
Build and deliver risk reporting for SME, intermediate and executive audiences to ensure remediation efforts are aligned to leadership risk comfort and appropriately resourced
Maintain the Asset Inventory and interface with technology operations teams to ensure it remains current, covering not just platforms but applications, software, business purpose and ownership information
Devise & track appropriate metrics and Key Risk Indicators by which success of the program can be assessed
Keep up with technology team priorities and projects to ensure remediation efforts are not dropped without appropriate risk acceptance for any unplanned delays outside of normal operating procedures
Select / recommend vendors for periodic independent penetration tests and orchestrate testing logistics once approved
Take ownership of technology hardening standards and drive out improvements to fleet configuration state, ensuring risk appropriate scanning & reporting of actual state
Lead monitoring of vulnerability news and own processes for escalation of critical / high risk exploits for priority technology team action, including notifying and requiring appropriate confirmation from suppliers who may put Real Matters at risk of a compromise
Be prepared to play other parts of the security team to assist colleagues in areas such as access review, SIEM monitoring, incident response, governance, risk assessment & client compliance requests
Be on-call periodically in rotation to respond to occasional escalated after-hours high risk security alerts via the security operations centre
Maintain program documentation in a state ready to show off to major enterprise client organizations
In client relationships, always represent Real Matters Technology in a professional and diplomatic manner with the highest level of integrity, always having the interests of clients and Real Matters and its subsidiaries as top priorities
Education and Training Required
Undergraduate degree or equivalent
3+ years of experience in an information security operational role
Solid understanding of technology risk assessment methodologies such as CVSS, OWASP, & Lockheed-Martin Kill Chain
Any well-recognized security certification; bonus if in hacking / pen testing
Solid understanding of TCP / IP v4 and v6, IP layers, protocols
Optional Skills and Expertise
Rapid7 InsightVM, Qualys VM and WAS
Systems operational experience in some or all of Windows, Linux, Cisco, Sonicwall, Citrix, Tomcat, MySQL, MSSQL, IIS, TLS / SSL
Knowledge of PCI DSS, NIST CSF and CIS Top 20 control requirements in this space
Penetration testing experience / skills / qualifications
Scripting or coding skills to automate common tasks, avoid drudgery and human error
Skills and Expertise Required
Excellent communication skills, written and spoken, crafted appropriately for either technical or non-technical audiences to achieve desired outcomes / decisions / actions
Ability to map clear, workable and repeatable processes that ensure compliance and risk requirements are met
About Real Matters
Serving the North American mortgage industry through its Solidifi offering and the property and casualty (P&C) insurance industry through its iv3 CUS business, Real Matters creates powerful insights into residential and commercial properties.
Leveraging its cloud-based technology platform, redihive™, the organization provides its customers with subject matter expertise gathered through partnerships with more than 26,000 field agents, comprised of Solidifi independent appraisers as well as iv3 insurance inspectors.
Established in 2004, Real Matters has its Canadian head office in Markham, Ontario and U.S. head office in Buffalo, NY.