Information Security Vulnerability Management Analyst

JCB
Rocester, United Kingdom
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Rocester, United Kingdom

Tech stack

Software System Penetration Testing
Software as a Service
Cloud Computing
Computer Security
System Configuration
Software Vulnerability Management
Patch Management
Vulnerability Analysis

Job description

The Information Security team is responsible for ensuring that JCB has the correct level of security integrity to protect our systems, information, personal data and people from cyber-attacks and unauthorised access.

We are seeking a detail-oriented and proactive Vulnerability Management Analyst to join our on-site Information Security team.

This critical role is essential in identifying, assessing, and mitigating vulnerabilities across our IT, OT, Cloud and SaaS environments. You will work closely with infrastructure, application, and operations teams to ensure timely remediation of security risks.

What does this role involve day to day?

  • Manage the Vulnerability Management Process and Platform globally

  • Perform regular vulnerability scans and testing across IT, OT and SaaS systems using industry-standard tools

  • Arrange and manage third parties for security penetration tests on internal and external systems

  • Analyse scan results, prioritise vulnerabilities, and coordinate remediation efforts with relevant teams - see through to completion

  • Maintain and improve the vulnerability management lifecycle and reporting processes

  • Feed into the risk register and other teams for immediate and future improvements

  • Track and report on remediation progress and risk posture to senior stakeholders

  • Collaborate with IT and engineering teams to ensure secure configurations and patch management - find the root causes of issues and work to resolve

  • Support compliance alignment with NIST and Cyber Essentials

  • Assist in threat modelling and risk assessments

  • Maintain documentation and procedures related to vulnerability management

  • Seek out and exploit opportunities for improvement to the group's overall security posture.

Requirements

Do you have experience in NIST standards?

  • You're passionate about cyber security and keeping up with the latest trends, threats and mitigations

  • You have proven experience in vulnerability management or previous role(s) as Security Analyst/Engineer

  • You have a strong understanding of vulnerability scanning tools and techniques

  • You're familiar with CVSS scoring and vulnerability prioritisation techniques.

  • You have knowledge of patch management processes and secure system configurations.

  • Familiarity with OT environments is a plus

  • You have an understanding of security frameworks such as NIST and Cyber Essentials

  • You have an ability to work independently in a fast-paced, on-site environment

  • You have a strong analytical mindset and communication skills.

  • You have an understanding of IT Service Management principles, ideally ITIL.

Benefits & conditions


  • Gym membership
  • Company pension
  • On-site gym
  • Cycle to work scheme
  • Car scheme

This is your chance to join a company that values expertise not only in rewards but also in real employee care. At JCB you don't just get a competitive salary, 33 days' holiday and access to our company pension; you can also use our onsite gym, in-house doctor, dentist and visiting optician. We have a ULEV car scheme available for our employees too. Then there's the JCB Rewards Hub, which gives you discounts with high street retailers. Feel like biking to work? There's our Cycle to Work Scheme.
