This role will be member of the Global Infrastructure Operations Continuous Service Improvement (CSI) team as part of 24*7*365 Production Management organization. An organization that delivers highly secure, reliable, efficient infrastructure technology operations services that are focused on the needs of all State Street business. Responsible for delivering continuous improvement across various infrastructure operations towers by supporting the ITIL framework to improve processes, which ultimately improve our business.
We are seeking a skilled Patch Management Governance Lead to join our team, responsible for establishing and overseeing the governance framework for patch management across the organization. The ideal candidate will have a strong background in cybersecurity, experience in patch management, and the ability to develop and enforce policies and procedures to ensure effective patching practices.
What you will be responsible for:
The right person for this role will have a strong track record of program management experience, the demonstrated ability to deliver multiple high priority projects simultaneously, the ability to drive alignment across teams with competing priorities and be a strong advocate for risk management.
Job Responsibilities
Develop and implement patch management policies, procedures, and standards to ensure the security and integrity of the organization's IT infrastructure.
Establish governance structures, roles, and responsibilities for patch management processes, including coordination with IT teams, business units, and third-party vendors.
Define and maintain patch management metrics, KPIs, and reporting mechanisms to measure the effectiveness of patching activities and compliance with policies.
Coordinate with stakeholders to prioritize patches based on risk assessment, business impact, and compliance requirements.
Establish change management processes and controls to manage the deployment of patches across different environments, including development, testing, and production.
Conduct regular assessments and audits of patch management practices to identify areas for improvement and ensure adherence to policies and standards.
Collaborate with security teams to incorporate threat intelligence, vulnerability assessments, and risk analysis into patch prioritization and deployment strategies.
Provide guidance and training to IT teams, system administrators, and end-users on patch management best practices, procedures, and tools.
Monitor industry trends, emerging threats, and regulatory requirements related to patch management and incorporate them into governance frameworks.
Continuously evaluate and enhance patch management processes, tools, and automation capabilities to streamline operations and improve efficiency.
Lead the vulnerability reporting process, including the collection, documentation, and dissemination of vulnerability information to relevant stakeholders.
Coordinate with internal teams, including IT security, network operations, software development, and system administrators, to gather vulnerability data from various sources, including scanning tools, penetration tests, and security advisories.
Analyze vulnerability data to determine severity, impact, and potential risk to the organization's assets and systems.
Prepare and distribute regular vulnerability reports to key stakeholders, including management, IT teams, and business units, providing insights into the current state of vulnerabilities and trends over time.
Develop and maintain a centralized vulnerability tracking system or database to manage and prioritize vulnerabilities based on severity, affected systems, and available remediation resources.
Collaborate with stakeholders to establish and enforce vulnerability reporting and remediation timelines and ensure compliance with internal policies and external regulations.
Serve as a subject matter expert on vulnerability reporting processes, tools, and best practices, providing guidance and support to internal teams as needed.
Communicate effectively with external vendors and partners regarding vulnerabilities affecting third-party software or services used by the organization.
Continuously evaluate and improve the vulnerability reporting process to enhance efficiency, accuracy, and effectiveness.
Qualifications:
Bachelor's degree in cybersecurity, information technology, or related field.
1+ years of experience in cybersecurity or IT governance, with a focus on patch management.
In-depth knowledge of patch management principles, processes, and best practices.
Understanding of vulnerability assessment tools, such as Nessus, Qualys, Rapid7, or similar, and their output formats.
Excellent analytical and problem-solving skills, with the ability to assess and prioritize vulnerabilities based on risk and potential impact.
Proficiency in data analysis and reporting tools, such as Microsoft Excel, Power BI, or similar.
Strong communication and interpersonal skills, with the ability to effectively communicate technical information to non-technical stakeholders.
Experience with vulnerability tracking and management systems, such as JIRA, ServiceNow, or similar.
Knowledge of common vulnerability databases and classification systems, such as CVE, CVSS, and CWE.
Ability to work independently and collaboratively in a fast-paced environment with multiple stakeholders and competing priorities.
Strong understanding of cybersecurity frameworks, compliance standards (e.g., NIST, CIS), and regulatory requirements related to patch management
Salary Range: $75,000 - $120,000 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.