IT Senior Analyst: Vulnerability Management, Patching Governance & Compliance

Value2Biz de Mexico SC

Alabama, Alabama

JOB DETAILS
SALARY
SKILLS
Analysis Skills, Automation, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Change Management, Clinical Information Systems, Cloud Computing, Communication Skills, CompTIA Security+, Computer Science, Computer Security, Cross-Functional, Data Analysis, Data Processing, Documentation, Environmental Health, Establish Priorities, External Audit, Financial Services, Government, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Healthcare Providers, Hospital, IT Governance, ITIL (IT Infrastructure Library), Identify Issues, Industry Standards, Information Technology & Information Systems, Information Technology/Systems Audit, Internal Audit, Internet Security, Leadership, Maintain Compliance, Metrics, Microsoft Active Directory, Microsoft Product Family, Microsoft Windows Azure, Microsoft Windows Server, Operational Audit, Organizational Development/Management, Organizational Skills, Patient Care, Performance Metrics, Process Improvement, Progress Reports, Project/Program Management, Regulatory Compliance, Regulatory Requirements, Reporting Dashboards, Reporting Skills, Risk, Risk Analysis, Risk Management, Security Analysis, Security Auditing, Security Infrastructure, Security Monitoring, Service Level Agreement (SLA), ServiceNow, Software Patches, System Center Configuration Manager (SCCM), Systems Administration/Management, Systems Maintenance, Time Management, U.S. National Institute of Standards and Technology (NIST), Vulnerability Scanners
LOCATION
Alabama, Alabama
POSTED
3 days ago

Job Title: IT Senior Analyst – Vulnerability Management, Patching Governance & Compliance

Duration: 6-Month Contract

Location: On-site (Authorized U.S. States – see below)

Compensation: $ 32 USD / hour

Position Summary

Important Healthcare organization is seeking an experienced IT Senior Analyst – Vulnerability Management, Patching Governance & Compliance responsible for leading the organization's enterprise vulnerability management and patch governance programs across infrastructure, endpoints, servers, and healthcare technology platforms. This role serves as a key liaison between Cybersecurity, Infrastructure, Clinical Applications, Operations, and Compliance teams to ensure timely remediation of security vulnerabilities while maintaining system availability and supporting patient care.

The successful candidate will establish and monitor patching standards, remediation timelines, compliance metrics, risk reporting, and governance processes across a complex healthcare environment. This position requires strong analytical skills, expertise in vulnerability management platforms, and the ability to drive accountability across multiple technology teams.

This role is instrumental in maintaining regulatory compliance, reducing cybersecurity risk, and ensuring adherence to healthcare industry security standards and organizational policies.

Key Responsibilities

Vulnerability Management & Risk Remediation

  • Lead enterprise vulnerability management activities across servers, endpoints, cloud environments, and healthcare technology systems.
  • Analyze vulnerability scan results and prioritize remediation efforts based on risk, exploitability, business impact, and regulatory requirements.
  • Partner with Infrastructure, Security, Clinical Engineering, and Application teams to coordinate timely remediation activities.
  • Track and report remediation progress against established service-level objectives (SLOs) and key performance indicators (KPIs).
  • Facilitate risk acceptance and exception management processes when vulnerabilities cannot be remediated within required timelines.
  • Monitor industry threat intelligence and emerging vulnerabilities to assess organizational risk exposure.

Work Requirements

  • Candidates must currently reside and be authorized to work in one of the following states:

Alabama, Arkansas, Florida, Georgia, Illinois, Indiana, Iowa, Kentucky, Louisiana, Mississippi, Missouri, North Carolina, Ohio, Oklahoma, South Carolina, Tennessee, Texas, Wisconsin, St. Louis, Missouri or Kansas City, Missouri.

Patching Governance

  • Develop, maintain, and enforce enterprise patching policies, standards, and procedures.
  • Establish governance frameworks for patch deployment and vulnerability remediation activities.
  • Ensure patching schedules align with cybersecurity requirements, operational needs, and healthcare system availability standards.
  • Oversee compliance with patching SLAs across infrastructure, servers, workstations, virtual environments, and cloud platforms.
  • Conduct regular governance reviews to measure patch compliance and remediation effectiveness.
  • Support emergency patching activities related to critical security vulnerabilities and zero-day threats.

Compliance & Regulatory Management

  • Ensure compliance with healthcare regulations and security frameworks including:
  • HIPAA
  • HITECH
  • NIST Cybersecurity Framework
  • CIS Controls
  • Joint Commission standards
  • Internal security policies and audit requirements
  • Prepare compliance reports and executive dashboards demonstrating remediation performance and risk reduction efforts.
  • Support internal and external audits related to vulnerability management and patch governance.
  • Maintain documentation of remediation activities, exceptions, compensating controls, and compliance evidence.

Reporting & Metrics

  • Develop meaningful reporting and executive-level metrics related to:
  • Vulnerability aging
  • Patch compliance
  • Risk exposure
  • Remediation performance
  • Regulatory compliance
  • Present risk findings and remediation trends to leadership, governance committees, and technology stakeholders.
  • Identify recurring issues and recommend process improvements to reduce organizational risk.

Cross-Functional Collaboration

  • Collaborate closely with:
  • Cybersecurity teams
  • Infrastructure Operations
  • Endpoint Engineering
  • Server Administration
  • Clinical Application Teams
  • Cloud Operations
  • Compliance and Audit functions
  • Facilitate remediation meetings and governance reviews with technical and business stakeholders.
  • Drive accountability for remediation efforts across multiple support teams.

Process Improvement & Automation

  • Identify opportunities to streamline vulnerability assessment, reporting, and remediation workflows.
  • Support automation initiatives using Microsoft and security management platforms.
  • Improve governance processes through data-driven analysis and operational maturity assessments.
  • Contribute to strategic cybersecurity and infrastructure initiatives.

Required Qualifications

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or related field, or equivalent experience.
  • 3+ years of experience in vulnerability management, cybersecurity operations, IT governance, infrastructure operations, or compliance.
  • Experience managing enterprise vulnerability remediation programs.
  • Strong understanding of patch management principles and governance frameworks.
  • Experience working in regulated environments such as healthcare, financial services, or government.
  • Knowledge of:
  • Vulnerability Management Programs
  • Security Risk Assessments
  • Patch Governance Processes
  • IT Compliance and Audit Practices
  • Windows and Server Infrastructure
  • Endpoint Management Technologies
  • Microsoft Entra ID and Active Directory
  • Change Management Processes
  • Excellent analytical, organizational, and communication skills.

Preferred Qualifications

  • Experience supporting healthcare organizations, hospitals, or healthcare delivery networks.
  • Familiarity with vulnerability management tools such as:
  • Tenable
  • Qualys
  • Rapid7
  • Microsoft Defender Vulnerability Management
  • Experience with:
  • SCCM/MECM
  • Microsoft Intune
  • Microsoft Defender Suite
  • Azure Cloud Services
  • ServiceNow
  • Knowledge of enterprise risk management methodologies.
  • Project management experience leading cross-functional remediation initiatives.

Preferred Certifications

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CompTIA Security+
  • Certified in Cybersecurity (CC)
  • Microsoft Certified: Endpoint Administrator Associate
  • Microsoft Certified: Azure Administrator Associate
  • ITIL Foundation Certification

About the Company

V

Value2Biz de Mexico SC