Vulnerability and Patch Governance Administration (Vice President)
Job Summary:
This senior role will oversee and manage a cross-functional Vulnerability and Patch Management program across the Americas Division. The ideal candidate will have experience in planning, execution, and implementation of multi-year Vulnerability and Patch programs.
Key Responsibilities
1. Contribute to the development and implementation of a comprehensive Vulnerability and Patch Management strategy.
2. Manage the ServiceNow Security Operations module from a governance and compliance standpoint, ensuring all vulnerabilities are acknowledged, documented, and remediated in accordance with policies and SLAs.
3. Collaborate with clients and stakeholders across the Americas Division to identify technology vulnerabilities and patching needs, facilitate communication, and implement changes as necessary.
4. Analyze vulnerability data and assign tasks to the appropriate technology teams, ensuring timely resolution of issues.
5. Monitor and report on compliance with defined Service Level Agreements, providing metrics and recommendations for improvement.
6. Develop accurate KPIs and KRIs for technology vulnerabilities detected, remediated, and not remediated.
7. Resolve conflicts within and between projects or functional areas, implementing changes as necessary.
8. Oversee the maintenance of accurate and up-to-date operational procedures.
9. Provide recommendations for remediation, automation, mitigation, and/or acceptance based on risk profiles.
Program Management
The successful candidate will be responsible for managing end-to-end delivery against a defined program plan, defining scope, timing, resource requirements, and deliverables. They will implement standardized templates and communication channels to drive transparency and consistency across program efforts.
They will create a program management office (PMO) and assign clear roles and responsibilities to establish ownership of program work-streams and deliverables. Additionally, they will identify and mobilize subject matter experts throughout the organization to contribute as required.
Throughout the life of the program, they will monitor delivery, assess outcomes to ensure completeness and sustainability, and modify the program plan and/or timelines as necessary in coordination with business stakeholders.
Requirements
* Knowledge of security frameworks such as FFIEC, NIST, and CIS.
* Excellent communication and interpersonal skills, with the ability to communicate complex issues to technical and non-technical stakeholders.
* Excellent analytical and data handling skills, producing accurate metrics.
* Proficient working with Jira/Confluence, including some experience with configuration.
* Working knowledge of system development lifecycle (SDLC) and process change/improvement.
* Broad working knowledge of Agile frameworks is preferred: Scrum, Kanban, Lean, XP, and other advanced Agile frameworks (SAFe, DAD, etc.)
* Prior experience working within the financial services industry is preferred.
* Prior experience working with ServiceNow Security Operations is preferred.
* Certification in a related project management process (PMI-PMP or PRINCE2) is preferred.
Additional Requirements
Diversity and Inclusion Commitment: Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.
SMBC employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.