
Vulnerability Patch Management Specialist

Groupe BPCE
New York, NY Full Time
POSTED ON 2/14/2025
AVAILABLE BEFORE 5/8/2025

Position and responsibilities

Natixis CIB Americas is seeking a skilled and experienced Vulnerability Patch Management Specialist to join our dynamic team. Reporting to the Director of Vulnerability Patch Management, the successful candidate will oversee the vulnerability patch management process, ensuring timely identification and remediation of security vulnerabilities across our systems and infrastructure. This role requires close collaboration with cross-functional teams within the Americas platform and the Head Office to implement effective vulnerability and patch management strategies and processes.

The candidate will manage day-to-day activities while enhancing the Americas CIB Vulnerability Patch Management (VPM) program. Responsibilities include producing regular KPIs, addressing and adapting to KRIs, and advancing the program using a risk-based approach to focus remediation efforts. The candidate will track the risk register, follow up on updates, and oversee entries through the risk decision-making process (risk acceptance, risk exception, etc.) along with associated remediation actions. Additionally, maintaining comprehensive documentation regarding all aspects of the VPM program is essential.

The Vulnerability Patch Management Specialist will support and liaise with the global team on activities by performing the following actions:

  • Manage the vulnerability patch management process, including identification, prioritization, and remediation of vulnerabilities in infrastructure systems (e.g., applications, SDLC development).
  • Provide regular and comprehensive reporting on VPM-related topics.
  • Collaborate with IT teams within the Americas platform and with the Head Office (BPCE / Natixis) and the Natixis International platform (APAC and EMEA).
  • Evaluate the impact of vulnerabilities and their associated risk levels.
  • Prioritize patch deployment, manage service level agreement (SLA) breaches, and develop follow-up action plans as needed.
  • Develop and enhance VPM procedures and processes.
  • Participate in vulnerability assessments and remediation activities, tracking software and system updates.
  • Strengthen compliance around the use of approved tools and best practices, including secure coding guidelines and Application Security within the Software Development Life Cycle (SDLC) in the Continuous Integration (CI) / Continuous Development (CD) pipeline.
  • Liaise with the second line of defense (CISO and Technology Risk Management) as well as internal and external audit teams.
  • Coordinate the development and maintenance of a comprehensive patch management strategy and process to ensure timely and effective patching across all systems and infrastructure.
  • Assist IT teams with vendors and external partners to obtain and deploy patches promptly, as part of IT Assessment Management and End of Life / End of Support remediation efforts.
  • Monitor and report on the effectiveness of patch management, identifying areas for improvement and implementing best practices.
  • Stay abreast of industry best practices, emerging threats, and security vulnerabilities to continuously enhance the patch management process. Familiarity with industry cybersecurity frameworks (NIST, CIS, COBIT, etc.) is essential.
  • Provide backup support for cybersecurity projects, incidents, action plans, and audit findings remediation.
  • Be available for ad-hoc off-hour support to address emergent threats as needed.
  • Experience in Security Information Event Management, Vulnerability Management, and Patch Management tools.
  • Perform Risk Control Self-Assessment (RCSA) on LOD1 controls.

The salary range for this position will be between $125,000 - $160,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skill set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.

Profile and required skills

Bachelor's degree in Computer Science, Information Technology, or a related field.

Five years of related experience.

Proven experience in vulnerability management, patch management, or related security roles, with oversight of Plans of Action and Milestones (POAM).

Strong understanding of common security vulnerabilities and the ability to assess their impact on systems and infrastructure.

Experience with vulnerability management and SIEM tools.

Familiarity with security and IT audit frameworks and standards (e.g., NIST, FFIEC handbooks).

Effective communication and collaboration skills for management presentation materials, and the ability to work effectively with cross-functional teams.

Proficient in reporting and analysis tools, including Power BI and advanced Excel / Power Query.

Relevant certifications such as CISSP, CRISC, CISM, Security+, or equivalent are a plus.

Salary : $125,000 - $160,000
