Novartis

Associate Director, Security Patching

full-time

Location Type: Hybrid

Location: Barcelona • 🇪🇸 Spain


Job Level

Senior

Tech Stack

Ansible, Cloud, Jamf, ServiceNow, Unix

About the role

  • Join the DDIT ISC Security Operations Vulnerability Services team, focused on reducing risk exposure from security vulnerabilities and enabling scalable remediation through the Security Patching process.
  • Analyze the ongoing security vulnerability risk posture, align patch-based remediations, and collaborate with service lines and finding owners to manage resolutions for patch success.
  • Act as SME to assess discovered vulnerabilities, provide pragmatic solutions and support emergency security patching activities.
  • Collaborate with cross-functional teams for patch infrastructure health, threat intelligence, security architecture, remediation and security operations.
  • Provide flexibility for work schedules (including outside standard business hours) to coordinate emergency response for high-risk vulnerability remediation.
  • Govern and operate Security Patch Management for Windows servers, Unix servers, Windows clients, Mac clients, databases, and middleware.
  • Assess daily risk exposure, patch applicability and enable scalable remediations through centralized or decentralized patching.
  • Monitor patching coverage and compliance using tools such as SNOW, INPAT, SCCM, Intune, Jamf, and Ansible, and generate regular reports on patching status, coverage, and risk metrics.
  • Assess, initiate and lead emergency patching activities; perform root cause analysis for patching failures and implement corrective actions.
  • Create and maintain documentation including SOPs, work instructions, knowledge articles, and training material; ensure cross-functional documents are updated.
  • Ensure adherence to Security and Compliance policies; implement policies, procedures, and standards to protect confidentiality, integrity, and availability of resources.
  • Stay up to date with latest security threats and vulnerabilities, recommend mitigation strategies and provide security awareness and training to teams and stakeholders.

Requirements

  • University-level working and thinking; degree in technical computer science or an information security area, or comparable education/experience.
  • 8+ years of overall working experience in information security, preferably in the security patch management, vulnerability management and/or infrastructure patching domain.
  • 3+ years handling security vulnerability analysis, remediation and response, coordinating with relevant stakeholders, and implementing corrective actions.
  • Experience with vulnerability management, scanning and patching tools: Qualys, ServiceNow, Wiz, MS Defender, SCCM, Intune, Jamf, Ansible.
  • Excellent hands-on analytical skills for vulnerability exposure analysis, remediation analysis, mitigations and RCA.
  • Strong understanding of metrics, KPI/KRI, SLAs, and dashboards for vulnerability management and providing executive reporting.
  • Strong knowledge of automation/orchestration implementation in patch management, threat correlation, control mitigations, and vulnerability scoring standards, and the ability to translate vulnerability severity into security risk.
  • Knowledge of operating systems and platforms for patch analysis: Windows servers, Unix servers, Windows clients, Mac clients, databases, and middleware technologies.
  • Know-how in handling shadow IT asset scenarios, sensitizing teams to security patching, technical debt, SW patching, maintenance windows, and scalable remediations.
  • Demonstrated stakeholder management and leadership skills through engagement with large security/development program stakeholders.
  • Excellent communication and cross-functional collaboration skills, strong problem-solving skills and ability to work independently.
  • Desirable: Working experience in security patching domain, vulnerability patch analysis and automation/orchestration implementation in patch management.
  • Relevant certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or equivalent. Product certifications such as Microsoft or RHCE.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
security vulnerability analysis, remediation, root cause analysis, automation, orchestration, vulnerability scoring standards, patch management, threat correlation, metrics, KPI/KRI
Soft skills
analytical skills, stakeholder management, leadership skills, communication skills, cross-functional collaboration, problem-solving skills, independent work
Certifications
Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Microsoft certification, RHCE