Technical Patching Lead - Cloud, Hardware, and Appliances, VP
Who We are Looking For:
This role will be member of the Global Infrastructure Operations Continuous Service Improvement (CSI) team as part of 247365 Production Management organization. An organization that delivers highly secure, reliable, efficient infrastructure technology operations services that are focused on the needs of all State Street business. Responsible for delivering continuous improvement across various infrastructure operations towers by supporting the ITIL framework to improve processes, which ultimately improve our business.
We are looking for a highly skilled and proactive individual to join our team as a Global Vulnerability Patch Remediation Lead. In this role, you will be responsible for developing and executing strategies to identify, prioritize, and remediate vulnerabilities across our global IT infrastructure. Your leadership will be instrumental in ensuring the timely and effective patching of vulnerabilities to mitigate security risks and maintain the integrity of our systems.
What you will be responsible for:
The right person for this role will have a strong track record of program management experience, the demonstrated ability to deliver multiple high priority projects simultaneously, the ability to drive alignment across teams with competing priorities and be a strong advocate for risk management.
Job Responsibilities
• Lead the global vulnerability patch remediation program, overseeing the identification, prioritization, and remediation of vulnerabilities across all IT systems and platforms.
• Collaborate with regional IT teams and stakeholders to establish a unified approach to vulnerability management and patch remediation, considering regional differences and priorities.
• Develop and implement processes and procedures for the timely detection, assessment, and prioritization of vulnerabilities based on risk and potential impact.
• Coordinate with IT security teams to leverage vulnerability scanning tools and techniques to identify vulnerabilities in a timely manner.
• Establish and maintain patch management processes and workflows to ensure the efficient deployment of security patches and updates across the global IT infrastructure.
• Work closely with system administrators, network engineers, and software developers to schedule and execute patch deployments with minimal disruption to business operations.
• Monitor patch deployment progress and track remediation activities to ensure compliance with patching schedules and security policies.
• Provide regular status updates and reports on vulnerability patch remediation efforts to senior management and key stakeholders.
• Conduct post-remediation validation to verify the effectiveness of patching efforts and ensure vulnerabilities are properly addressed.
• Stay current on emerging threats, vulnerabilities, and best practices related to patch management and vulnerability remediation through industry sources, vendor advisories, and professional networks.
• Individual will play a direct role in vendor management, overseeing the scheduling and implementation of the patching activities across all platforms.
• Support and Drive remediation of cyber risks identified by Global Cyber Security, Corporate Audit, Technology Risk Management and Regulators.
• Participate in engineering and technical solutioning to strengthen controls and improve effectiveness of the Patching & Compliance Program.
• Participate in the continuous improvement of the existing and the development of new automation solutions to enhance effectiveness of the program.
• Ensure the Patching & Compliance Program satisfies all Internal & External Regulatory and Compliance standards
• Support Regulatory and Audit inquiries providing insight to the Patching & Compliance Program and detailed evidence when requested.
• Provide Information Technology risk management and compliance support to ensure effective identification, measurement, control and management of the relevant risks
• Identify and manage IT risk by maintaining effective internal controls and escalating as appropriate any deficiencies to management and/or applicable technology governance boards.
• Drive Continuous Service Improvement by looking at lesson learns and gap analysis and implement improvement plans to document, update and improve daily operation procedures
• Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets, dashboards) and communicate clearly to leadership and other cyber security teams
• Engage with Application engineering leads and SRE/IT teams to coordinate vulnerability remediation from technical and policy compliance perspectives
• Track and monitor key milestones or after significant change in the environment to identify network, infrastructure, and configuration vulnerabilities
• Perform ad-hoc data remediation, clean-ups, and reporting using large complex data sets for high-priority security remediations
What we value
• Bachelor's degree in computer science, information technology, or a related field.
• 5+ years of Production Support in the Public Cloud Support Operations
• Extensive experience in IT security, vulnerability management, or a related role, with a focus on patch management and remediation.
• Ability to effectively coordinate and communicate between technical teams and business stakeholders with varying technical proficiencies
• Strong understanding of vulnerability scanning tools and techniques, such as Nessus, Qualys, or similar.
• Proven experience in developing and implementing patch management processes and procedures in a global enterprise environment.
• Excellent project management skills, with the ability to prioritize tasks, manage resources, and meet deadlines.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with diverse teams across different regions and time zones.
• Experience with patch management systems and tools, such as WSUS, SCCM, or similar.
• Knowledge of common vulnerabilities and exposure (CVE) database and vulnerability scoring systems (e.g., CVSS).
• Relevant certifications, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+, are a plus.
• Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation.
This role offers an exciting opportunity to lead the global vulnerability patch remediation efforts and contribute to the overall security posture of our organization. If you have a strong background in IT security and patch management, along with excellent leadership and communication skills, we encourage you to apply and join our team.
Salary Range:
$130,000 - $212,500 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.