Vulnerability Management Officer

THE EXECUTIVE DIRECTORATE (EXD)The Executive Directorate (EXD) is the steward of OECD resources on behalf of the Secretary‑General. Our focus is on people and their wellbeing; the effective and efficient management of the budget; the safety and security of staff Delegations visitors and of the OECDs data; maintaining and sustaining physical and digital infrastructure; and enabling the convening power of the OECD through conferences meetings and events whether virtual physical or hybrid. As well as providing corporate services functions and management support to our staff and Members we provide integrated strategic and expert advice on corporate policies and management issues to the Secretary‑General to Council and to Standing Committees to which we regularly report on corporate matters. We also provide compliance and risk management functions (for management areas under our purview). Ours is a fast‑paced environment focused on delivering management excellence across all of our functions.THE DIGITAL KNOWLEDGE AND INFORMATION SERVICE (EXD / DKI)Within the Executive Directorate working closely with business partners the Digital Knowledge and Information Service (EXD / DKI) designs and provides secure digital solutions IT and information management services and the technologies to deliver efficient corporate services meet business partners needs and to support and enhance the OECDs global role in building knowledge communicating with the world and interacting with governments to inform and influence policy‑making.THE DIGITAL SECURITY OFFICE (EXD / DKI / DSO)The Digital Security Office (EXD / DKI / DSO) leads the OECDs cyber security capabilityand information management policy : it develops and implements corporate information security policies and technical compliance frameworks conducts security audits and risk assessments supports user awareness campaigns and performs security operations and related compliance monitoring to safeguard the digital assets of the Organisation.It also leads on information management policiespracticesand culture for the Organisation.THE POSITIONReporting to the Head of Digital Security Assurance and Vulnerability Management in the OECD Digital Security Office (EXD / DKI / DSO) as the Vulnerability Management Officer you will be contributing to improving the Organisation's Digital Security Posture reducing the attack surface through Vulnerability identification and Management recommending mitigation options and advising on best practice digital Security Controls.Main ResponsibilitiesVulnerability ManagementLead Vulnerability Identification and Remediation: Proactively identify assess and track vulnerabilities across all OECD digital assets and systems. Coordinate and oversee remediation efforts with relevant technical teams to ensure timely resolution and reduction of the organisations attack surface.Specialised Security Assessments: Plan and execute advanced security assessments including annual Red Teaming exercises and penetration tests to evaluate the effectiveness of existing controls and uncover potential weaknesses.Support Digital Solution Risk Assessments (DSRA): Advise on control recommendations during risk reviews for digital solutions (SaaS PaaS on‑premise web platforms bespoke projects) to avoid exposure to well‑known vulnerabilities and ensure security and compliance. Collaborate with Digital Security and Privacy Risk Managers documenting remediation plans in line with OECD and industry standards (CIS Controls OWASP).Develop and maintain security and privacy controls: Issue mandatory notifications for vulnerability remediation ensuring alignment with OECD policy and requirements. Oversee the implementation of patching and controls and monitor compliance across the organisation.Policy and compliance oversight: Contribute to the development implementation and continuous improvement of digital security policies technical compliance frameworks and vulnerability management protocols. Ensure all digital solutions adhere to the Patch Management Policy and related OECD guidelines.Performance monitoring and reporting: Establish and maintain regular performance monitoring and reporting mechanisms for vulnerability management activities. Provide actionable insights to management and stakeholders.Stakeholder Engagement & Change ManagementCommunications and change management: Develop and deliver communications and change management strategies to promote a culture of digital security and privacy by design. Draft guidance documentation and best practices to support staff and reduce the attack surface across the OECD.Workshops and training: Organise facilitate and participate in workshops with stakeholders to raise awareness build capacity and ensure alignment with digital security objectives.Collaboration and support: Assist with stakeholder interaction. Support Directorates in understanding and fulfilling their digital security responsibilities including third‑party due diligence and vulnerability assessments.QualificationsIdeal Candidate ProfileAcademic BackgroundPost‑secondary education in Information Security or a related field or equivalent practical experience. Qualifications or education in Vulnerability Management would be an advantage.Professional BackgroundMinimum of 3 years of relevant Vulnerability Management experience.Experience in delivering practical Vulnerability Management strategies and practices in organisations in either the public or private sector.Experience in Vulnerability Management Methodologies and Frameworks such as ISO27001 & 27002 / NIST SP 800‑40r4 / SANS / OWASP / CVSS.Demonstrated knowledge of the M365 technological environment.Experience in drafting Vulnerability Management and patching documentation and user guidance.Excellent communication skills with the ability to explain complex technical ideas in plain or easy to understand language.Experience with data protection‑related matters and strategies would be an advantage.ToolsKnowledge of the following tools would be an asset :Rapid7 Insight Vulnerability Management / NexposeMicrosoft Defender for EndpointMicrosoft OfficeM365 suite of applicationsMicrosoft AzureServiceNowLanguagesFluency in one of the two OECD official languages (English and French) and a knowledge of or a willingness to learn the other. Knowledge of other languages would be an asset.Core CompetenciesOECD staff are expected to demonstrate behaviours aligned to six core competencies which will be assessed as part of this hiring processes : Vision and Strategy (Level1); Enable People (Level1); Ethics and Integrity (Level 2); Collaboration and Horizontality (Level2); Achieve Results (Level2); Innovate and Embrace Change (Level2).There are three possible levels for each competency. The level for each competency is determined according to the specific needs of each job role and its associated grade.To learn more about the definitions for each competency for levels 1-3 please refer to OECD Core Competencies.Additional InformationClosing DateApplications should reach us no later than 4January 202623h59 (Paris time).Contract DurationFixed‑term contract of 3 years.What the OECD offersDepending on level of experience monthly salary starts at 7 644.78EUR plus allowances based on eligibility exempt of French income tax.Click here to learn more about what we offer and why the OECD is a great place to work.Click here to browse our People Management Guidebook and learn more about all aspects relating to people at the OECD our workplace environment and many other policies supporting staff in their daily life.Please note that the appointment may be made at one grade lower in the specified job family based on the qualifications and professional experience of the selected applicant.Equal OpportunityThe OECD is an equal opportunity employer and welcomes the applications of all qualified candidates who are nationals of OECD member countries irrespective of their racial or ethnic origin opinions or beliefs gender sexual orientation health or disabilities.The OECD promotes an optimal use of resources in order to improve its efficiency and effectiveness. Staff members are encouraged to actively contribute to this goal.Remote WorkNoEmployment TypeFull‑timeKey SkillsDatabases,Inventory Control,Law Enforcement,Warehouse Experience,Computer Literacy,Business requirements,Sharepoint,Training & Development,Property Management,Public Speaking,Supervising Experience,StockingExperienceyearsVacancy1 #J-18808-Ljbffr