ROLE SUMMARY

The Global Information Security organization delivers three core capabilities for Pfizer. The team secures the most important information assets through world-class protective controls, promotes a cybersecurity ownership culture across the company through targeted awareness education to empower colleagues to make informed risk decisions, and partners with business leaders to enable improved outcomes through the effective application of technologies that simplify user experience and reduce risk.

The Cybersecurity Vulnerability Management Sr. Associate will be responsible for performing vulnerability scanning and assessments throughout the enterprise to protect the confidentiality, integrity and availability of information assets using a risk-based approach. This position will ensure continuous vulnerability life cycle management with focus on analysis and validation of scan results, setting relative Pfizer risk ratings, providing remediation recommendations, tracking, and reporting of vulnerabilities to improve the overall security posture of Pfizer.

ROLE RESPONSIBILITIES

- Manage all aspects of the vulnerability management tool including scanners, agents, and policies
- Perform scheduled and/or on demand vulnerability scanning and assessments, including triage, reports, and analysis
- Analysis and validation of scan/assessment results communicated to stakeholders through reporting and result review meetings
- Interacts directly with stakeholders to address issues related to remediation of vulnerability scanning and assessments.
- Coordinate activities that are focused on helping key stakeholders with the interpretation of their vulnerability results, providing guidance on the remediation of existing or emerging threats, and evaluating false positives
- Develop and disseminate regular reporting and metrics on the posture of vulnerabilities and remediation activities throughout the lifecycle and to all stakeholders including leadership
- Develop security solutions, designs, and plans to identify and assess vulnerability risks
- Track remediation work consistently in order to advance improvements to program and closure of vulnerabilities
- Apply data, good judgement and organization skills to develop short-term risk reduction plans and ongoing improvement of the scanning and vulnerability remediation processes while adjusting for different Pfizer environments (Manufacturing, Research, Enterprise, etc.)
- Provide remediation assistance on any potential findings as needed
- Able to identify and assess potential impact from vulnerabilities specific to Pfizer’s environment, and determine appropriate mitigating controls
- Able to display a growing understanding of business drivers and apply to daily work
- Work with industry standard tools, as well as learn new innovative solutions
- Work with and influence key manufacturing partners, 3rd party service providers
- Support penetration testing, red-team exercises, threat hunting and other risk assessments if applicable
- Demonstrated ability to work in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.

BASIC QUALIFICATIONS

- Applicant must have a Bachelor’s in Security and Risk Analysis, Information Assurance, and Cybersecurity, or related field with two years of relevant experience; OR Master’s degree with relevant experience; OR Associate's degree with six years of relevant experience; OR eight years of relevant experience with a high school diploma or equivalent
- Preferred industry certifications (CISSP, GEVA or equivalent)
- Strong technical knowledge and experience required in areas of vulnerability assessment, risk-based analysis, and vulnerability mitigation
- Overall experience with assessing vulnerabilities and driving remediation in a global enterprise environment on a variety of platforms
- Strong technical knowledge of operating systems, network protocols, and applications development.
- Strong technical knowledge and experience with security testing tools, port scanners, vulnerability scanners, and exploit frameworks.
- Possess a solid understanding of industry frameworks and best practices: CIS Critical Security Controls, Threat Modeling, OWASP, NIST 800 Series
- Understanding of malware, emerging threats, attacks, and vulnerability management with a personal drive to continue learning
- Maintain currency of latest technology trends, particularly as they apply to vulnerability and risk management
- Experience with scripting or programming languages like Python, Ruby, or PowerShell
- High level of integrity and strong ethical values
- Excellent analytical and problem-solving skills.
- Able to apply ingenuity and think out of the box respecting different requirements from Pfizer environments (manufacturing, enterprise, servers, clients, etc.)
- Strong written and verbal communication skills
- Strong team player who collaborates well with others to solve problems

Work Location Assignment: Hybrid

Purpose

Breakthroughs that change patients' lives

At Pfizer we are a patient centric company, guided by our four values: courage, joy, equity and excellence.
Our breakthrough culture lends itself to our dedication to transforming millions of lives.

Digital Transformation Strategy

One bold way we are achieving our purpose is through our company wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.

Flexibility

We aim to create a trusting, flexible workplace culture which encourages employees to achieve work life harmony, attracts talent and enables everyone to be their best working self. Let’s start the conversation!

Equal Employment Opportunity

We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.

DisAbility Confident

We are proud to be a Disability Confident Employer and we encourage you to put your best self forward with the knowledge and trust that we will make any reasonable adjustments necessary to support your application and future career. Our mission is unleashing the power of our people, especially those with unique superpowers. Your journey with Pfizer starts here!

Information & Business Tech