Job DescriptionNatixis CIB Americas is seeking a skilled and experienced Vulnerability Patch Management Specialist to join our dynamic team. Reporting to the Director of Vulnerability Patch Management, the successful candidate will oversee the vulnerability patch management process, ensuring timely identification and remediation of security vulnerabilities across our systems and infrastructure. This role requires close collaboration with cross-functional teams within the Americas platform and the Head Office to implement effective patch management strategies and processes.The candidate will manage day-to-day activities while enhancing the Americas CIB Vulnerability Patch Management (VPM) program. Responsibilities include producing regular KPIs, addressing and adapting to KRIs, and advancing the program using a risk-based approach to focus remediation efforts. The candidate will track the risk register, follow up on updates, and oversee entries through the risk decision-making process (exception, risk acceptance) along with associated remediation actions. Additionally, maintaining comprehensive documentation regarding all aspects of the VPM program is essential.The Vulnerability Patch Management Specialist will support Global Macro trading activities by performing the following actions:
- Manage the vulnerability patch management process, including identification, prioritization, and remediation of vulnerabilities in infrastructure systems (e.g., applications, SDLC development).
- Provide regular and comprehensive reporting on VPM-related topics.
- Collaborate with IT teams within the Americas platform and with Head Office (BPCE/Natixis) and the Natixis International platform (APAC and EMEA).
- Assess the impact of vulnerabilities and associated risk levels.
- Prioritize patch deployment and manage SLA breaches, developing follow-up action plans as necessary.
- Develop and enhance VPM procedures and processes.
- Participate in vulnerability assessments and remediation activities; track software and system updates.
- Strengthen compliance around the use of approved tools and best practices, including secure coding guidelines.
- Liaise with the second line of defense (CISO and Technology Risk Management) as well as internal and external audit teams.
- Coordinate the development and maintenance of a comprehensive patch management strategy and process to ensure timely and effective patching across all systems and infrastructure.
- Assist IT teams with vendors and external partners to obtain and deploy patches promptly.
- Monitor and report on the effectiveness of patch management, identifying areas for improvement and implementing best practices.
- Stay abreast of industry best practices, emerging threats, and security vulnerabilities to continuously enhance the patch management process.
- Provide backup support for cybersecurity projects, incidents, action plans, and audit findings remediation.
- Be available for ad-hoc off-hour support to address emergent threats as needed.
The salary range for this position will be between $115,000 - $130,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.