IT Software Asset Manager & Vulnerability Analyst
The Judge Group Inc.

Job Info

---

Location: Harrisburg, PA
Description: Our client is currently seeking a IT Software Asset Manager & Vulnerability Analyst: MOSTLY REMOTE - 1 DAY PER WEEK ONSITE

JOB PURPOSE AND SUMMARY

The IT Software Asset Manager and Vulnerability Analyst leads the IT Software Asset Management Team by working independently, with limited supervision, managing the agency's hardware inventory, software asset portfolio, and remediating associated risks and vulnerabilities. This includes software licensing management, spend optimization, risk analysis, and vulnerability management utilizing various asset and vulnerability management tooling/data feeds and then leading remediation efforts and/or providing executive level reports to drive risk mitigations or other key business decisions.

PRIMARY DUTIES AND RESPONSIBILITIES

•Streamline the management of software assets to ensure compliance with vendor contracts and determine optimal licensing structure.

•Provide advice and guidance about software product updates and licensing as they impact licensing structures and cost.

•Maintain an accurate software portfolio and hardware inventory throughout an IT asset's lifecycle, from procurement to decommissioning.

•Lead the timely data collection from multiple sources and then input into the asset management applications/tools utilized to support asset inventory tracking, updates, and analysis.

•Perform licensing compliance analysis and research to remediate compliance issues, to proactively prevent financial risks/loss, and support spend optimization.

•Create executive level reports and dashboards to aid in providing an overview of IT hardware and software assets, which will drive key business decisions.

•Conduct IT asset inventory reviews with asset owners and/or teams to update and/or validate the accuracy of inventory records.

•Complete analysis and system updates as a result of new and changes to IT asset procurement agreements, licensing, and contract renewals.

•Process IT asset management related service requests via the Agency's ticketing system for software usage, license availability, mitigate over deployed software, and harvest licenses from retired or repurposed assets.

•Provide timely analysis and responses, both verbally and written, to support end of life/support, patch management, risk assessments, internal and external audits, and any regulatory demands.

•Create and maintain IT asset related documentation and process procedures annually and as changes occur to processes, applications, tools, and controls to support audit inquiries and business continuity.

•Evaluate internal controls and policies for potential areas of weakness, recommend and develop control and policy updates to bring effective, positive changes to reduce the risk of audit findings, legal or regulatory sanctions, possible financial loss, and/or damage to the Agency's reputation.

•Identify vulnerabilities and risks to develop strategies to correct and strengthen the system's security.

•Understand and document the business criticality of each asset, owner, data classifications, location, and other key criteria to support business continuity and the agency's overall security posture.

•Analyze associated data to develop and maintain quarterly inventory lists as needed to meet PHEAA's compliance requirements, reporting, and/or policy standards.

•Provide guidance and recommendation to the Enterprise Security Office (ESO) for Nessus scanning and configuration needs.

•Assist in building and maintaining roadmaps within the development of the Vulnerability Management Workflow.

•Evaluate internal controls and policies for potential areas of weakness, recommend and develop control and policy updates to bring effective, positive changes to reduce the risk of audit findings, legal or regulatory sanctions, possible financial loss, and/or damage to the Agency's reputation.

•Participate and contribute (provide written and verbal responses) during/for external and internal audit reviews, and/or complex compliance inquiries.

EDUCATION AND EXPERIENCE

Minimum qualifications: Bachelor's degree in computer science, two to four years of experience with enterprise asset management applications/tools, experience with IT contract management, IT Operations and/or Compliance on an enterprise scale or any equivalent combination of training, experience, and/or certification.

•Demonstrating solid experience maintaining the lifecycle of asset inventory records.

•Demonstrating solid experience remediate through coordination with teams any licensing compliance deviations.

•Demonstrating solid experience publishing and audit asset and spend optimization reports.

•Proven ability to maintain an accurate software portfolio and hardware inventory throughout an IT asset's lifecycle (procurement to decommissioning), understanding the importance and use of assets as they relate to a CMDB and utilizing IT Asset Management tools and concepts.

•Proven ability to interpret software contracts, metrics, and licensing compliance requirements to ensure compliance with vendor contracts and determine optimal licensing structure.

•Experience with vulnerability management tools, such as Tenable-Nessus.

•Proven ability to create reports and dashboards to respond to compliance and audit requests.

•Create and maintain documentation for business processes, procedures, and audit requirements.

•Support maintenance and upgrade functions.

•Manage service ticket queue/requests.

•Proficient with MS Office Products, and experience with SharePoint. to sort, analyze, record, share, and present analysis.

•Demonstrated strong communication skills both written and verbal communication skills.

•Demonstrated analytical, critical thinking, and organizational skills.

•Interpersonal skills to support agency initiatives, internal and external customer requests, and teamwork.

Contact: cleahy02@judge.com

This job and many more are available through The Judge Group. Find us on the web at www.judge.com

---