Vulnerability Management Specialist

Zelis is seeking a dedicated Vulnerability Management Specialist to serve as the single point of contact for disaster recovery and vulnerability management across the divisional IT teams. This role will manage DR recovery documentation, with responsibility to ensure RTO/RPO objectives, testing, and execution during events, and is also responsible for identifying, tracking, and driving the resolution of vulnerabilities in servers and code while establishing and promoting best practices in build and deployment processes.

Additionally, the Vulnerability Management Specialist will ensure that all efforts align with compliance frameworks such as SOC II, PCI DSS, and HIPAA. This critical role will enhance the organization's security posture, reduce risks, and maintain compliance with industry standards.

What You'll Do:

Vulnerability Management:

• Act as the primary liaison between enterprise IT and divisional IT teams for all disaster recovery and vulnerability-related efforts.

• Develop, maintain, and update disaster recovery plans for all critical systems and processes.

• Own and maintain the centralized repository for tracking known vulnerabilities, ensuring visibility and accountability across teams.

• Develop and manage roadmaps to reduce active vulnerabilities and implement preventative measures.

Testing and Validation:

• Plan and execute regular DR tests and simulations, ensuring the effectiveness of recovery plans.

• Identify gaps during testing and implement improvements to strengthen DR readiness.

Compliance and Risk Mitigation:

• Ensure vulnerability management processes and practices align with SOC II, PCI DSS, and HIPAA requirements.

• Collaborate with compliance and audit teams to address vulnerabilities identified during assessments or audits.

• Support external and internal audits by providing evidence of vulnerability remediation and secure practices.

• Develop and enforce policies and procedures to meet regulatory requirements in server configuration, application development, and data protection.

Prevention and Best Practices:

• Collaborate with enterprise and divisional teams to establish and enforce best practices in server configuration, code development, and deployment tools.

• Drive adoption of secure build and deployment processes to prevent vulnerabilities from being introduced into production environments.

• Implement mechanisms to measure and report on vulnerability aging and "live days," highlighting trends and areas for improvement.

Collaboration and Leadership:

• Partner with IT, infrastructure, and application teams to align recovery strategies with business objectives.

• Partner with security, compliance, infrastructure, and development teams to align vulnerability management strategies with organizational goals.

• Provide regular updates to leadership on vulnerability status, compliance posture, reduction progress, and aging metrics.

• Champion a culture of security awareness and continuous improvement throughout the organization.

Incident Response:

• Serve as the primary point of contact during DR incidents, coordinating recovery efforts and communications.

• Work with internal and external teams to ensure swift resolution of issues and minimal downtime.

Monitoring, Reporting, and Documentation:

• Develop dashboards and reports to track and communicate the status of vulnerabilities, aging metrics, and risk reduction outcomes.

• Document processes and workflows to ensure alignment with SOC II, PCI DSS, and HIPAA standards.

• Analyze trends and provide actionable insights to improve security posture and maintain compliance.

What You'll Bring to Zelis:

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field (or equivalent experience).

• 3+ years of experience in vulnerability management, cybersecurity, or IT operations.

• 3+ years of experience in IT operations, disaster recovery, or business continuity roles helpful.

• Hands-on experience developing and executing disaster recovery plans.

• Proven track record of reducing vulnerabilities and implementing preventative practices in complex IT environments.

• Experience working with compliance frameworks such as SOC II, PCI DSS, HIPAA, or ISO 27001.

• Strong understanding of vulnerability scanning tools (e.g., Nessus, Qualys, or similar) and patch management processes.

• Knowledge of secure software development practices and deployment pipelines (e.g., CI/CD).

• Familiarity with enterprise IT infrastructure, including servers, networks, and cloud environments.

• Strong understanding of regulatory requirements for data protection and security standards.

• Excellent communication and interpersonal skills, with the ability to work collaboratively across teams and levels.

• Strong analytical and problem-solving abilities, with attention to detail.

• Ability to manage multiple priorities and deliver results in a fast-paced environment.

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Global Information Assurance Certification (GIAC).

• Hands-on experience supporting audits for SOC II, PCI DSS, or HIPAA compliance.

• Familiarity with frameworks such as NIST Cybersecurity Framework or ISO 27001.

Location and Workplace Flexibility
We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote friendly culture, and all our employee's work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company policies.