Data Analyst (Vulnerability Management)

Our client in the public sector is seeking a contract based Data Analyst to support their Cyber department.Duration: 6 months + extensionHybrid: 3d/week TorontoResponsibilitiesDeliver comprehensive Vulnerability Management reporting and metrics, including KPIs and KRIs.Perform regular vulnerability, discovery, and policy scans across IT and OT systems.Configure and maintain asset tagging (criticality, ownership, function, location, etc.).Generate and present scheduled scan reportsConduct policy compliance scans against CIS benchmarks and relevant industry standards.Issue patch advisories and coordinate remediation efforts with stakeholders.Support onboarding of new entities for both IT and OT domains.Manage VM operational activities, including system maintenance and dashboard configuration.Develop custom dashboards to display vulnerability data tailored to specific divisions and agencies.Leverage threat intelligence and contextual data to improve vulnerability prioritization.Collaborate with cross-functional teams to recommend and implement mitigation strategies.Contribute to initiatives that expand vulnerability management coverage and maturity across the enterprise.Requirements3–5 years of hands-on experience in vulnerability management using Tenable IT and OT stacks.Proven experience in identifying, assessing, and remediating vulnerabilities within large or complex government or private-sector environments.Solid understanding of Operational Technology (OT) systems such as SCADA, ICS, and other industrial control environments.Familiarity with OT security standards (IEC 62443, NERC CIP, or similar).Experience integrating vulnerability management tools with SIEM, EDR, ITSM, and Threat Intelligence platforms.Cybersecurity certification (e.g., CISSP, CEH, OSCP, or equivalent) required.Technical certifications (e.g., Tenable Vulnerability Management Specialist, OT Security certification) are an asset.Strong grasp of networking protocols, operating systems (Windows, Linux), and cybersecurity principles.