Job Description:

Natixis CIB Americas is seeking a skilled and experienced VP-level Vulnerability Patch Management Specialist to join our dynamic team. The successful candidate will be responsible for leading the vulnerability patch management process, ensuring the timely identification and remediation of security vulnerabilities across our systems and infrastructure. The Vulnerability Patch Management Specialist will work closely with cross-functional teams with the Americas platform as well as with Head Office, to develop and implement effective patch management strategies and processes.For a complete understanding of this opportunity, and what will be required to be a successful applicant, read on.The candidate will play a key role in running the day-today activity as well as enhancing our Americas CIB VPM program. The candidate will oversee the production of regular KPIs, be able to address and adapt to KRIs as well as advance the program with a risk based approach that can be shared with key stakeholders to focus remediation efforts.The candidate will track risk register, follow-ups, updates and oversee entries to it through the risk decisioning process (exception, risk acceptance) and the associated remediation actions. He/She/They will also be responsible for assuring that all process and procedure documentation regarding all aspects of the VPM program are maintained.Lead the vulnerability patch management process, including vulnerability identification, prioritization, and remediation.Provide strong and regular reporting for VPM related topicsCollaborate with IT teams within the Americas platform as well as with Head Office (BPCE / Natixis) and other Natixis International platform (APAC and EMEA) to:Assess the impact of vulnerabilities and associated risk levelsPrioritize patch deployment and any SLA breachesFollow up action plansProvide strong and regular reporting for VPM related topicsParticipate in vulnerability assessments and remediation activities, track software and system updates, and strengthen compliance around the use of approved tools and best practices - secure coding guides.Liaise with Second line of defense (CISO and TRM, i.e. Technology Risk Management as well as Audit (internally and externally).Coordinate to develop and maintain a comprehensive patch management strategy and process to ensure timely and effective patching across all systems and infrastructure.Assist the IT teams with vendors and external partners to obtain and deploy patches in a timely manner.Monitor and report on patch management effectiveness, identifying areas for improvement and implementing best practices.Stay abreast of industry best practices, emerging threats, and security vulnerabilities to continuously improve the patch management process.Provide backup support for cyber security projects, incidents, action plans, remediation of findings, and audit points.Ad-hoc off-hour availability may be required to address emergent threatsQualificationsBachelor's degree in Computer Science, Information Technology, or related field.Proven experience in vulnerability management, patch management, or related security roles with oversight of Plans of Action and Milestones (POAM).Strong understanding of common security vulnerabilities and the ability to assess their impact on systems and infrastructure.Experience with vulnerability scanning and assessment tools - SPLUNK and QUALYS.Familiarity with security, IT Audit frameworks and standards (NIST. FFIEC handbooks etc.)Excellent communication and collaboration skills for management presentation materials and ability to work effectively with cross-functional teams. Experience on reporting and analysis tools is required - PowerBI, Advanced Excel/PowerQuery.Relevant certifications such as CISSP, CISM, or equivalent are a plus.Natixis is an equal opportunity employer, committed to a workplace free of discrimination. Natixis will not tolerate any form of discrimination based on age, color, mental or physical handicap or disability, pregnancy, marital status, sexual orientation, national origin, alienage, ancestry or citizenship status, race, religion, sex (including sex stereotyping, gender identity, gender expression or transgender status), veteran status, creed, genetic information or carrier status, or any other protected characteristic as established by law. Respect for all means that we deal with each person as an individual and not as a member of any group. All qualified applicants will receive consideration for employment. Management is expected to provide leadership in supporting the firms EEO program by taking steps to promote EEO in all facets of employment including recruitment, hiring, retention, promotion, performance assessment, and career-development opportunities. The salary range for this position will be between $130,000 - $160,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance