Vulnerability Patch Management Specialist
New York, USA IT development
Job description
Poste et missions
Natixis CIB Americas is seeking a skilled and experienced Vulnerability Patch Management Specialist to join our dynamic team. Reporting to the Director of Vulnerability Patch Management, the successful candidate will oversee the vulnerability patch management process, ensuring timely identification and remediation of security vulnerabilities across our systems and infrastructure. This role requires close collaboration with cross-functional teams within the Americas platform and the Head Office to implement effective patch management strategies and processes.
The candidate will manage day-to-day activities while enhancing the Americas CIB Vulnerability Patch Management (VPM) program. Responsibilities include producing regular KPIs, addressing and adapting to KRIs, and advancing the program using a risk-based approach to focus remediation efforts. The candidate will track the risk register, follow up on updates, and oversee entries through the risk decision-making process (exception, risk acceptance) along with associated remediation actions. Additionally, maintaining comprehensive documentation regarding all aspects of the VPM program is essential.
The Vulnerability Patch Management Specialist will support Global Macro trading activities by performing the following actions:
· Manage the vulnerability patch management process, including identification, prioritization, and remediation of vulnerabilities in infrastructure systems (e.g., applications, SDLC development).
· Provide regular and comprehensive reporting on VPM-related topics.
· Collaborate with IT teams within the Americas platform and with Head Office (BPCE/Natixis) and the Natixis International platform (APAC and EMEA).
· Assess the impact of vulnerabilities and associated risk levels.
· Prioritize patch deployment and manage SLA breaches, developing follow-up action plans as necessary.
· Develop and enhance VPM procedures and processes.
· Participate in vulnerability assessments and remediation activities; track software and system updates.
· Strengthen compliance around the use of approved tools and best practices, including secure coding guidelines.
· Liaise with the second line of defense (CISO and Technology Risk Management) as well as internal and external audit teams.
· Coordinate the development and maintenance of a comprehensive patch management strategy and process to ensure timely and effective patching across all systems and infrastructure.
· Assist IT teams with vendors and external partners to obtain and deploy patches promptly.
· Monitor and report on the effectiveness of patch management, identifying areas for improvement and implementing best practices.
· Stay abreast of industry best practices, emerging threats, and security vulnerabilities to continuously enhance the patch management process.
· Provide backup support for cybersecurity projects, incidents, action plans, and audit findings remediation.
· Be available for ad-hoc off-hour support to address emergent threats as needed.
The salary range for this position will be between $115,000 - $130,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.
Profil et compétences requises
Bachelor’s degree in Computer Science, Information Technology, or a related field.
Two years of related experience
Proven experience in vulnerability management, patch management, or related security roles, with oversight of Plans of Action and Milestones (POAM).
Strong understanding of common security vulnerabilities and the ability to assess their impact on systems and infrastructure.
Experience with vulnerability management and SIEM tools.
Familiarity with security and IT audit frameworks and standards (e.g., NIST, FFIEC handbooks).
Effective communication and collaboration skills for management presentation materials and the ability to work effectively with cross-functional teams.
Proficient in reporting and analysis tools, including Power BI and advanced Excel/Power Query.
Relevant certifications such as CISSP, CRISC, CISM, Security+, or equivalent are a plus.