Cyber Security Analyst – Vulnerability Management – F&R, Thomson Reuters, Nottingham UK

  • Full Time
  • Nottingham
  • Location: Nottingham
  • Title: Cyber Security Analyst - Vulnerability Management - F&R
  • Salary: Competitive

Website Thomson Reuters

Thomson Reuters provides professionals with the intelligence, technology and human expertise they need to find trusted answers. We enable professionals in the financial and risk, legal, tax and accounting, and media markets to make the decisions that matter most, all powered by the world's most trusted news organization

This role sits within our Financial & Risk (“F&R”) business.  On January 30, 2018, Thomson Reuters announced that it signed a definitive agreement to enter into a strategic partnership with private equity funds managed by Blackstone related to the company’s F&R business. As part of the transaction, Thomson Reuters has agreed to sell a 55% majority stake in Financial & Risk and will retain a 45% interest in the business.  Thomson Reuters will maintain full ownership of its Legal, Tax & Accounting and the Reuters News businesses. The transaction is expected to close in the second half of the year and is subject to specified regulatory approvals and customary closing conditions. When the transaction closes, this role will be included in the new F&R entity.  Further information on this can be found at

We are currently seeking an Cyber Security Analyst, Vulnerability Management to be located in Nottingham, UK.  This position will report to the Director, Vulnerability Management in F&R’s Information Security & Risk Management Organization.  The Cyber Security Analyst, Vulnerability Management will ensure that vulnerabilities are properly and timely identified with the goal of keeping F&R’s infrastructure secure. This includes monitoring Vulnerability Management processes for performance, coordinating scanning schedules, risk acceptances, and serving as an administrator of the Vulnerability Management tool sets.


Research and analyze vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
Analyze vulnerability test results and engage with technology partners and business units in order to resolve identified vulnerabilities within SLAs.
Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level
Able to successfully partner with other information security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to F&R’s environment and determine appropriate mitigating controls.
Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.
Analyze business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
Review and/or escalate exception requests submitted to the Vulnerability Management team
Using a risk based approach, analyze F&R’s vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.
Produce metrics and reporting on the state of system security, threat, vulnerability and patch management.
Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
Assist the team to maintain appropriate documentation that defines the Vulnerability Management Program, policies, and procedures.


BS/BA degree in Computer Science/ Information Technology/ Information Security or related field or equivalent work experience
Experience in Information Security with a focus on Vulnerability Management
Work experience in Information Technology
Previous experience working in large scale environments with diverse technologies
Detailed knowledge of the Vulnerability Management process including vulnerability identification, false negative/positives identification & elimination
Strong knowledge of Qualys, including configuration and maintenance, scan execution, cloud agent deployment and oversight
Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
Knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
Knowledge of Cloud technologies such as AWS and Azure
Knowledge of general network, platform, enterprise, cloud and security technologies
Basic knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001&27002).
Willingness and ability to travel domestically and internationally up to 15%

Desired Characteristics:

Certifications such as Security+
Knowledge of scripting languages desired
Knowledge in various operating systems and enterprise platforms to include: Windows, Linux/Unix, Mac OS, iOS, Android, Active Directory, .Net framework, Oracle business products, SAP, etc.

At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one – collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance – and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit

More information about Thomson Reuters can be found on

You must register to apply for this job.