Vulnerability Patch Management Specialist - VP

Natixis CIB Americas is seeking a skilled and experienced Vulnerability Patch Management Specialist to join our dynamic team. Reporting to the Director of Vulnerability Patch Management, the successful candidate will oversee the vulnerability patch management process, ensuring timely identification and remediation of security vulnerabilities across our systems and infrastructure. This role requires close collaboration with cross-functional teams within the Americas platform and the Head Office to implement effective vulnerability and patch management strategies and processes.

The candidate will manage day-to-day activities while enhancing the Americas CIB Vulnerability Patch Management (VPM) program. Responsibilities include producing regular KPIs, addressing and adapting to KRIs, and advancing the program using a risk-based approach to focus remediation efforts. The candidate will track the risk register, follow up on updates, and oversee entries through the risk decision-making process (risk acceptance, risk exception, etc.) along with associated remediation actions. Additionally, maintaining comprehensive documentation regarding all aspects of the VPM program is essential.

The Vulnerability Patch Management Specialist will support and liaise with the global team on activities by performing the following actions :

• Manage the vulnerability patch management process, including identification, prioritization, and remediation of vulnerabilities in infrastructure systems (e.g., applications, SDLC development).
• Provide regular and comprehensive reporting on VPM-related topics.
• Collaborate with IT teams within the Americas platform and with the Head Office (BPCE / Natixis) and the Natixis International platform (APAC and EMEA).
• Evaluate the impact of vulnerabilities and their associated risk levels.
• Prioritize patch deployment, manage service level agreement (SLA) breaches, and develop follow-up action plans as needed.
• Develop and enhance VPM procedures and processes.
• Participate in vulnerability assessments and remediation activities, tracking software and system updates.
• Strengthen compliance around the use of approved tools and best practices, including secure coding guidelines and Application Security within the Software Development Life Cycle (SDLC) in the Continuous Integration (CI) / Continuous Development (CD) pipeline.
• Liaise with the second line of defense (CISO and Technology Risk Management) as well as internal and external audit teams.
• Coordinate the development and maintenance of a comprehensive patch management strategy and process to ensure timely and effective patching across all systems and infrastructure.
• Assist IT teams with vendors and external partners to obtain and deploy patches promptly, as part of IT Assessment Management and End of Life / End of Support remediation efforts.
• Monitor and report on the effectiveness of patch management, identifying areas for improvement and implementing best practices.
• Stay abreast of industry best practices, emerging threats, and security vulnerabilities to continuously enhance the patch management process. Familiarity with industry cybersecurity frameworks (NIST, CIS, COBIT, etc.) is essential.
• Provide backup support for cybersecurity projects, incidents, action plans, and audit findings remediation.
• Be available for ad-hoc off-hour support to address emergent threats as needed.
• Experience in Security Information Event Management, Vulnerability Management, and Patch Management tools.
• Perform Risk Control Self-Assessment (RCSA) on LOD1 controls.

Required Skills / Qualifications / Experience :

Natixis is an equal opportunity employer, committed to a workplace free of discrimination. Natixis will not tolerate any form of discrimination based on age, color, mental or physical handicap or disability, pregnancy, marital status, sexual orientation, national origin, alienage, ancestry or citizenship status, race, religion, sex (including sex stereotyping, gender identity, gender expression or transgender status), veteran status, creed, genetic information or carrier status, or any other protected characteristic as established by law.

Respect for all means that we deal with each person as an individual and not as a member of any group. All qualified applicants will receive consideration for employment. Management is expected to provide leadership in supporting the firms EEO program by taking steps to promote EEO in all facets of employment including recruitment, hiring, retention, promotion, performance assessment, and career-development opportunities.

The salary range for this position will be between $125,000 - $160,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance

Salary : $125,000 - $160,000