Vulnerability Management Specialist

US MO Remote, United States

Zelis

Discover the connected platform that's bridging gaps and aligning interests of healthcare payers, providers, and healthcare consumers.


Zelis is seeking a dedicated Vulnerability Management Specialist to serve as the single point of contact for disaster recovery and vulnerability management across the divisional IT teams. This role will manage DR recovery documentation, with responsibility to ensure RTO/RPO objectives, testing, and execution during events, and is also responsible for identifying, tracking, and driving the resolution of vulnerabilities in servers and code while establishing and promoting best practices in build and deployment processes.

Additionally, the Vulnerability Management Specialist will ensure that all efforts align with compliance frameworks such as SOC II, PCI DSS, and HIPAA. This critical role will enhance the organization’s security posture, reduce risks, and maintain compliance with industry standards.

What You'll Do:

Vulnerability Management:

  • Act as the primary liaison between enterprise IT and divisional IT teams for all disaster recovery and vulnerability-related efforts.

  • Develop, maintain, and update disaster recovery plans for all critical systems and processes.

  • Own and maintain the centralized repository for tracking known vulnerabilities, ensuring visibility and accountability across teams.

  • Develop and manage roadmaps to reduce active vulnerabilities and implement preventative measures.

Testing and Validation:

  • Plan and execute regular DR tests and simulations, ensuring the effectiveness of recovery plans.

  • Identify gaps during testing and implement improvements to strengthen DR readiness.

Compliance and Risk Mitigation:

  • Ensure vulnerability management processes and practices align with SOC II, PCI DSS, and HIPAA requirements.

  • Collaborate with compliance and audit teams to address vulnerabilities identified during assessments or audits.

  • Support external and internal audits by providing evidence of vulnerability remediation and secure practices.

  • Develop and enforce policies and procedures to meet regulatory requirements in server configuration, application development, and data protection.

Prevention and Best Practices:

  • Collaborate with enterprise and divisional teams to establish and enforce best practices in server configuration, code development, and deployment tools.

  • Drive adoption of secure build and deployment processes to prevent vulnerabilities from being introduced into production environments.

  • Implement mechanisms to measure and report on vulnerability aging and "live days," highlighting trends and areas for improvement.

Collaboration and Leadership:

  • Partner with IT, infrastructure, and application teams to align recovery strategies with business objectives.

  • Partner with security, compliance, infrastructure, and development teams to align vulnerability management strategies with organizational goals.

  • Provide regular updates to leadership on vulnerability status, compliance posture, reduction progress, and aging metrics.

  • Champion a culture of security awareness and continuous improvement throughout the organization.

Incident Response:

  • Serve as the primary point of contact during DR incidents, coordinating recovery efforts and communications.

  • Work with internal and external teams to ensure swift resolution of issues and minimal downtime.

Monitoring, Reporting, and Documentation:

  • Develop dashboards and reports to track and communicate the status of vulnerabilities, aging metrics, and risk reduction outcomes.

  • Document processes and workflows to ensure alignment with SOC II, PCI DSS, and HIPAA standards.

  • Analyze trends and provide actionable insights to improve security posture and maintain compliance.

What You'll Bring to Zelis:

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field (or equivalent experience).

  • 3+ years of experience in vulnerability management, cybersecurity, or IT operations.

  • 3+ years of experience in IT operations, disaster recovery, or business continuity roles is helpful.

  • Hands-on experience developing and executing disaster recovery plans.

  • Proven track record of reducing vulnerabilities and implementing preventative practices in complex IT environments.

  • Experience working with compliance frameworks such as SOC II, PCI DSS, HIPAA, or ISO 27001.

  • Strong understanding of vulnerability scanning tools (e.g., Nessus, Qualys, or similar) and patch management processes.

  • Knowledge of secure software development practices and deployment pipelines (e.g., CI/CD).

  • Familiarity with enterprise IT infrastructure, including servers, networks, and cloud environments.

  • Strong understanding of regulatory requirements for data protection and security standards.

  • Excellent communication and interpersonal skills, with the ability to work collaboratively across teams and levels.

  • Strong analytical and problem-solving abilities, with attention to detail.

  • Ability to manage multiple priorities and deliver results in a fast-paced environment.

  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Global Information Assurance Certification (GIAC).

  • Hands-on experience supporting audits for SOC II, PCI DSS, or HIPAA compliance.

  • Familiarity with frameworks such as NIST Cybersecurity Framework or ISO 27001.

Location and Workplace Flexibility
We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote-friendly culture, and all our employees' work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company policies.

Zelis is modernizing the healthcare financial experience by providing a connected platform that bridges the gaps and aligns interests across payers, providers, and healthcare consumers. This platform serves more than 750 payers, including the top 5 national health plans, BCBS insurers, regional health plans, TPAs and self-insured employers, and millions of healthcare providers and consumers. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients.

Commitment to Diversity, Equity, Inclusion, and Belonging 
At Zelis, we champion diversity, equity, inclusion, and belonging in all aspects of our operations. We embrace the power of diversity and create an environment where people can bring their authentic and best selves to work. We know that a sense of belonging is key not only to your success at Zelis, but also to your ability to bring your best each day.

Equal Employment Opportunity  
Zelis is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 

We encourage members of traditionally underrepresented communities to apply, even if you do not believe you 100% fit the qualifications of the position, including women, LGBTQIA people, people of color, and people with disabilities.  

Accessibility Support 

We are dedicated to ensuring our application process is accessible to all candidates. If you are a qualified individual with a disability or a disabled veteran and require a reasonable accommodation with any part of the application and/or interview process, please email TalentAcquisition@zelis.com.  

SCAM ALERT: There is an active nationwide employment scam that is now using the Zelis name to obtain personal information or carry out financial scams. This site is secure, and any applications made here are with our legitimate partner. If you're contacted by a Zelis Recruiter, please ensure whoever is contacting you truly represents Zelis Healthcare. We will never ask for the exchange of any money or credit card details during the recruitment process. Please be aware of any suspicious email activity from people who could be pretending to be recruiters or senior professionals at Zelis.



Tags: Audits CEH CI/CD CISSP Cloud Compliance Computer Science GIAC HIPAA Incident response ISO 27001 IT infrastructure Monitoring Nessus NIST PCI DSS Qualys SOC Vulnerabilities Vulnerability management

Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States
