Job Description
Role Overview
Insight Global is seeking a Vulnerability Analyst to support and supplement Natixis's existing Vulnerability Patch Management (VPM) team. This is a consulting engagement focused on the full vulnerability and patch management lifecycle, identification, prioritization, and remediation, across the Americas CIB platform's entire IT landscape (infrastructure, systems, applications, and SDLC, both physical and virtual).
While the role requires real hands-on experience with Splunk and Qualys, the primary daily skillset is data analysis and reporting: pulling data sets, building pivot tables, creating trending graphs, and packaging that analysis into clean, leadership-ready PowerPoint decks. The analyst will work cross-functionally with IT stakeholders across the Americas and Head Office, partner with the Risk Management team on governance, and help bring structure and standardization to existing documentation and runbooks.
This is a strong fit for someone who has real exposure to vulnerability/patch management tooling but whose strongest, most consistent skill is translating complex data into clear metrics, KPIs/KRIs, and executive-ready reporting.
Day to Day
• Supplement the existing VPM team on the Vulnerability Patch Management workstream.
• Run weekly meetings with various stakeholder teams to follow up on remediation status, review dashboards, and walk through reports/metrics.
• Build and maintain dashboards and trending analysis covering patch/vulnerability metrics across endpoint, server, and application environments.
• Take existing procedures, runbooks, and process documentation and standardize/clean them up so they're sufficiently clear for someone else to execute the job from them, much of the current documentation is informally or inconsistently formatted.
• Operate with some governance and oversight from the Risk Management team.
• Support patch management and vulnerability remediation across all physical and virtual devices and applications, including SDLC-related application vulnerabilities.
• Collaborate with endpoint/workstation teams and server remediation teams to understand their remediation processes and data flows.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
• Strong, demonstrable expertise in Microsoft Excel, specifically building pivot tables from raw data sets and converting that output into trending graphs and charts.
• Ability to take that analysis and properly format it into polished PowerPoint presentations for leadership and cross-functional audiences.
• Experienced-level hands-on use of both Splunk and Qualys:
o Splunk: comfortable writing SPL (Search Processing Language) queries and building reports, not just consuming existing dashboards.
o Qualys: experience with Groovy scripting for asset tagging is strongly preferred; this is considered the heavier technical lift of the two tools.
• Solid understanding of the vulnerability management lifecycle: identification, prioritization, remediation tracking, and reporting across physical and virtual assets.
• Comfort working with large/complex data sets spanning multiple asset classes and shifting priorities.
• Experience tracking and reporting on KPIs and KRIs (Key Risk Indicators) for a security or risk program.
Nice to Have Skills & Experience
• Relevant certifications such as CISSP, CRISC, CISM, Security+, or equivalent.
• Financial services background is preferred but not disqualifying. Candidates coming from other heavily regulated industries (insurance, reinsurance) are workable, the client noted these candidates "can learn" the financial/regulatory structure, though there will be an adjustment period. Strong financial services candidates would feel more immediately comfortable with the regulatory body oversight and documentation routing expectations.
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.