Morningstar

About the Company

Morningstar, Inc. is a leading provider of independent investment insights in North America, Europe, Australia, and Asia. The Company offers an extensive line of products and solutions that serve a wide range of market participants, including individual and institutional investors in public and private capital markets, financial advisors and wealth managers, asset managers, retirement plan providers and sponsors, and issuers of fixed-income securities. Morningstar provides data and research insights on a wide range of investment offerings, including managed investment products, publicly listed companies, private capital markets, debt securities, and real-time global market data. Morningstar also offers investment management services through its investment advisory subsidiaries, with approximately $328 billion in AUMA as of Sept. 30, 2024. The Company operates through wholly-owned subsidiaries in 32 countries.

Listed Jobs

Company Name

Morningstar

Job Title

Senior Analyst, Vulnerability Management

Job Description

Job Title: Senior Analyst, Vulnerability Management Role Summary: Senior Analyst for Vulnerability Management, operating within a Remediation Operations team to evaluate cybersecurity defense data, prioritize high‑risk vulnerabilities, and guide technical remediation activities across enterprise systems. Expectations: - Deliver actionable vulnerability assessments and remediation guidance surpassing automated tool outputs. - Coach and support remediation operations, driving resolution and progress tracking. - Maintain comprehensive reports on KPIs, risk status, and remediation progress for stakeholders. - Mentor junior analysts and promote continuous learning in security practices. Key Responsibilities: - Analyze vulnerabilities in system and application contexts to determine impact on business assets. - Review vulnerabilities across diverse technologies and environments to identify critical risks. - Provide detailed technical analysis, remediation options, and executive‑level security reports. - Staff and coordinate enterprise‑wide vulnerability management program, including process documentation. - Track resolution progress, update dashboards, and communicate status to stakeholders. - Conduct training and mentorship for junior team members. Required Skills: - 3+ years of information security experience with minimum 1 year in vulnerability management. - Proficient use of vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7). - Strong understanding of risk management processes, threat intelligence, and attack methodologies (ATT&CK). - Ability to analyze code/configurations for security weaknesses. - Skilled at categorizing and prioritizing vulnerability types. - Excellent communication, teaching, and stakeholder influence abilities. - Familiarity with enterprise infrastructure, including on‑prem and cloud environments. Required Education & Certifications: - Bachelor’s degree in Computer Science, Information Security, or related field. - Certifications such as CISSP, CISM, CVE, GCIH, or equivalent are desirable but not mandatory. ---

Toronto, Canada

Hybrid

Senior

29-01-2026