About the position
ROLE SUMMARY (PURPOSE)
- Provide domain and subject matter expertise in vulnerability and patch management.
- Design, develop, review, and maintain a comprehensive vulnerability/patch management strategy and practice for the overall IT operations environment, considering security, operational, and business requirements.
- Implement Vulnerability management framework with BU team
KEY WORK OUTPUTS AND ACCOUNTABILITIES
- Provide domain and subject matter expertise in vulnerability and patch management.
- Design, develop, review, and maintain a comprehensive patch management strategy and practice for the overall IT operations environment, considering security, operational, and business requirements.
- Conduct regular patch management and vulnerability assessments to identify potential security risks and prioritise patching based on criticality, urgency, and impact. Such assessment should cover all layers of enterprise infrastructure, endpoints, server hardware, operating systems, and applications.
- Collaborate with the security team to evaluate the risk associated with unpatched vulnerabilities and recommend appropriate mitigation strategies.
- Review and coordinate the deployment of patches, updates, and security fixes across all systems, applications, and infrastructure.
- Establish and/or enhance a standardised thorough testing process to verify the compatibility and stability of patches before deployment to production environments.
- Work with infrastructure, application, security, and BU IT teams to schedule and implement patching activities with minimal impact on business operations.
- Prepare detailed reports, metrics, and insights on patch compliance, analyse vulnerability remediation progress, and system performance to management and stakeholders. Regularly communicate the progress of patch management initiatives to senior leadership.
- Analyse threats, vulnerability feeds, patch management gaps and propose continuous improvement / remediation plans.
KEY DIMENSIONS (SIZE, BUDGETS, ADDITIONAL KPIs etc.)
The incumbent will be expected to manage an entire project (SDLC), meeting with stakeholders, providing critical input for business decisions, delegate tasks to team members, providing effective cooperative development (JAD). This might require travelling for meetings and workshops as the company landscape is vast.
Minimum Requirements:
LEGISLATIVE REQUIREMENTS
Valid RSA Driver’s License
QUALIFICATIONS, EXPERIENCE, SKILLS / KNOWLEDGE
QUALIFICATIONS
An undergraduate qualification (Bachelor's degree or equivalent) in the relevant IM discipline and/or Technical competencies and certification with relevant years of experience in a similar role.
EXPERIENCE
- At least 10 years of experience in Information Technology Operations, Engineering and/or IT Security function.
- 5 or more years of proven experience in IT patch management, vulnerability remediation, patch deployment experience, or a similar role.
- Proven track record in developing and implementing a vulnerability and patch management program utilising a Vulnerability and Patch Management Framework.
- Demonstrated knowledge in systems vulnerability management and system hardening to mitigate Common Vulnerability
- Familiarity with vulnerability assessment tools (Qualys, Nessus, etc.) and techniques
Desired Skills:
- IT Operations Management
- IT Patch Management
- Patch Manaegment Framework
