The IT Software Asset Manager and Vulnerability Analyst leads the IT Software Asset Management Team by working independently, with limited supervision, managing the agency's hardware inventory, software asset portfolio, and remediating associated risks and vulnerabilities.  This includes software licensing management, spend optimization, risk analysis, and vulnerability management utilizing various asset and vulnerability management tooling/data feeds and then leading remediation efforts and/or providing executive level reports to drive risk mitigations or other key business decisions.  

Primary Duties and Responsibilities

Software Asset Manager

Streamline the management of software assets to ensure compliance with vendor contracts and determine optimal licensing structure. 

Provide advice and guidance about software product updates and licensing as they impact licensing structures and cost.

Maintain an accurate software portfolio and hardware inventory throughout an IT asset's lifecycle, from procurement to decommissioning.

Lead the timely data collection from multiple sources and then input into the asset management applications/tools utilized to support asset inventory tracking, updates, and analysis.

Perform licensing compliance analysis and research to remediate compliance issues, to proactively prevent financial risks/loss, and support spend optimization.

Create executive level reports and dashboards to aid in providing an overview of IT hardware and software assets, which will drive key business decisions.  

Conduct IT asset inventory reviews with asset owners and/or teams to update and/or validate the accuracy of inventory records.

Complete analysis and system updates as a result of new and changes to IT asset procurement agreements, licensing, and contract renewals.

Process IT asset management related service requests via the Agency's ticketing system for software usage, license availability, mitigate over deployed software, and harvest licenses from retired or repurposed assets.  

Provide timely analysis and responses, both verbally and written, to support end of life/support, patch management, risk assessments, internal and external audits, and any regulatory demands.

Create and maintain IT asset related documentation and process procedures annually and as changes occur to processes, applications, tools, and controls to support audit inquiries and business continuity.  

Evaluate internal controls and policies for potential areas of weakness, recommend and develop control and policy updates to bring effective, positive changes to reduce the risk of audit findings, legal or regulatory sanctions, possible financial loss, and/or damage to the Agency's reputation.

Vulnerability Analyst

Identify vulnerabilities and risks to develop strategies to correct and strengthen the system's security.

Understand and document the business criticality of each asset, owner, data classifications, location, and other key criteria to support business continuity and the agency's overall security posture.

Analyze associated data to develop and maintain quarterly inventory lists as needed to meet PHEAA's compliance requirements, reporting, and/or policy standards.

Provide guidance and recommendation to the Enterprise Security Office (ESO) for Nessus scanning and configuration needs.

Assist in building and maintaining roadmaps within the development of the Vulnerability Management Workflow.

Evaluate internal controls and policies for potential areas of weakness, recommend and develop control and policy updates to bring effective, positive changes to reduce the risk of audit findings, legal or regulatory sanctions, possible financial loss, and/or damage to the Agency's reputation.

Participate and contribute (provide written and verbal responses) during/for external and internal audit reviews, and/or complex compliance inquiries.

*Other Duties and esponsibilities *

Must stay current on industry specific knowledge and trends.

Comply with the Agency's enterprise security and privacy policies and departmental procedures.

Other duties as assigned.

Required Skills

Minimum two years of experience with IT Asset Management software/tooling.

• Maintain the lifecycle of asset inventory records.

```{=html}

``` - Remediate through coordination with Teams any licensing compliance deviations.

```{=html}

``` - Publish and audit asset and spend optimization reports.  

Proven ability to maintain an accurate software portfolio and hardware inventory throughout an IT asset's lifecycle (procurement to decommissioning), understanding the importance and use of assets as they relate to a CMDB and utilizing IT Asset Management tools and concepts.

Proven ability to interpret software contracts, metrics, and licensing compliance requirements to ensure compliance with vendor contracts and determinate optimal licensing structure.

Experience with vulnerability management tools, such as Tenable-Nessus, and the ability to analyze and remediate risks.

Proven ability to create reports and dashboards to respond to compliance and audit requests. 

Create and maintain documentation for business processes, procedures, and audit requirements.  

Desired Skills

Support maintenance and upgrade functions.

Manage service ticket queue/requests.