Security and Patch Management Expert

**Security and patch management expert**

**Mandatory: Nationality E.U or Swiss Residence Permit**

**Location: Geneva**

**Starting date: asap**

**Context**

Our goal is to protect the digital operations from cyber-attacks, being a core element of the institutional cyber security strategy.

Based in Geneva and reporting directly to the Head of Applications, the Security and patch management expert plays a key role to support the mission of managing the security information systems according to institutional expectations.

The security and patch management expert works within the Application team to:

- Coordinate the deployment of security patches
- Participate to the improvement of processes around vulnerability and patch management including operating models, maturity models, KPI's, handling and reporting processes, roles/responsibilities, etc.
This role is a key business enabler to provide information security risk analysis and strategic recommendations for the ongoing improvement of Information Security.

**Your responsibilities**
- Anticipate future threats by coordinating the deployment of vulnerability patches & fixes
- Gain commitment from stakeholders to implement recommended and agreed security patches
- Prioritize action plan based on risk and impact
- Proactively follow these deployments (including creation of documentation, technical and functional testing), analyse the results & report, recommend possible improvements
- Understand what is at stake with vulnerability patching and upgrade and communicate effectively on the topic with various audience
- Develop and maintain security KPIs
- Communicate vulnerability patching plan and progress to all internal stakeholders
Relationships
- Reports directly to the the Head of Applications
- Interacts with métiers that need support / information on security patching
- Engages with managed service providers and technical partners (integrators and editors)
**Your profile**

Education and experience required
- Information Technology Engineer degree or equivalent (security specialization a big plus)
- Minimum of 5 years of professional experience, and a minimum 3 years of professional experience in a similar position
- Security certifications such as CISSP, CCSP, SANS GIAC, CEH, Security+ and/or Offensive Security a plus
- Experience with Vulnerability Scanner tools like Snyk, NSP or others
- Experience with NPM (npm packages and audit fix), NuGet, PIP, YARN, SASS and global conflicts/dependencies resolution
- Experience with UNIX environment and Open source system tools (Docker, Docker registries (Harbor), AWX, Kubernetes and/or OpenShift is a plus
- Experience with a package manager (Nexus, ProGet, Azure DevOps) is a plus
- Relevant experience in an international and complex / matrix environment
- Excellent command of English or French (working knowledge of the other)
Desired profile and skills
- Excellent knowledge of information security standards, frameworks and best practices (NIST, ISO, SANS, etc.)
- Solid sense of integrity, limits and understanding of the overall cyber security organisation and mission
- Excellent communication, interpersonal and presentation skills
- Focuses on results and desired outcomes and how best to achieve them
- Analytical minded with a systematic approach, able to respond quickly to changing circumstances, challenge requests, value different perspectives and ideas
- Excellent knowledge of c

**Job Types**: Full-time, Permanent

Schedule:

- Day shift
Application Question(s):

- Nationality E.U or Swiss Work Permit

**Language**:

- English (required)
- French (preferred)