Vulnerability Management Officer

Vulnerability Management Officer OECD – the Organisation for Economic Co‑operation and Development is an international organisation comprised of 38 member countries that works to build better policies for better lives. Its mission is to promote policies that will improve the economic and social well‑being of people around the world. It provides a unique forum and knowledge hub for data and analysis, exchange of experiences, best‑practice sharing, and advice on public policies and international standard‑setting. In the Executive Directorate, the Digital, Knowledge and Information Service (EXD/DKI) designs and provides secure digital solutions, IT and information management services, and the technologies to deliver efficient corporate services, meet business partners’ needs and support the OECD’s global role. The Digital Security Office (EXD/DKI/DSO) leads the OECD’s cyber security capability and information management policy. Position Overview Reporting to the Head of Digital Security Assurance and Vulnerability Management, you will be contributing to improving the Organisation’s digital security posture, reducing the attack surface through vulnerability identification and management, recommending mitigation options, and advising on best‑practice digital security controls. Main Responsibilities Lead vulnerability identification and remediation: proactively identify, assess, and track vulnerabilities across all OECD digital assets and systems, and coordinate remediation efforts with relevant technical teams. Specialised security assessments: plan and execute advanced security assessments, including annual Red Teaming exercises and penetration tests. Support Digital Solution Risk Assessments (DSRA): advise on control recommendations during risk reviews for digital solutions (SaaS, PaaS, on‑premise, web platforms, bespoke projects). Develop and maintain security and privacy controls: issue mandatory notifications for vulnerability remediation and oversee patching and controls implementation. Policy and compliance oversight: contribute to the development, implementation, and continuous improvement of digital security policies and vulnerability management protocols. Performance monitoring and reporting: establish and maintain regular metrics and reporting mechanisms for vulnerability management activities. Stakeholder Engagement & Change Management Communications and change management: develop and deliver communications and change management strategies to promote a culture of digital security and privacy by design. Workshops and training: organise, facilitate, and participate in workshops with stakeholders to raise awareness, build capacity, and ensure alignment with digital security objectives. Collaboration and support: assist with stakeholder interaction and support directorates in fulfilling their digital security responsibilities. Qualifications Ideal Candidate Profile Academic Background Post‑secondary education in Information Security or a related field, or equivalent practical experience. Qualifications or education in Vulnerability Management would be an advantage. Professional Background Minimum of 3 years of relevant vulnerability management experience. Experience delivering vulnerability management strategies in public or private sector organisations. Experience with vulnerability management methodologies and frameworks such as ISO 27001 & 27002, NIST SP 800‑40r4, SANS, OWASP, CVSS. Demonstrated knowledge of the Microsoft 365 technological environment. Experience drafting vulnerability management and patching documentation and user guidance. Excellent communication skills, with the ability to explain complex technical ideas in plain or easy‑to‑understand language. Experience with data protection‑related matters and strategies would be an advantage. Tools Rapid7 Insight Vulnerability Management / Nexpose. Microsoft Defender for Endpoint. Microsoft Office. M365 suite of applications. Microsoft Azure. ServiceNow. Languages Fluency in one of the two OECD official languages (English or French) and a willingness to learn the other. Knowledge of other languages would be an asset. Core Competencies Vision and Strategy (Level 1). Enable People (Level 1). Ethics and Integrity (Level 2). Collaboration and Horizontality (Level 2). Achieve Results (Level 2). Innovate and Embrace Change (Level 2). Additional Information Applications should reach us no later than 4 January 2026 23:59 (Paris time). Fixed‑term contract of 3 years. Depending on level of experience, the monthly salary starts at €7 644.78, plus allowances based on eligibility, exempt of French income tax. The OECD is an equal opportunity employer and welcomes applications from all qualified candidates who are nationals of OECD member countries, irrespective of their racial or ethnic origin, opinions or beliefs, gender, sexual orientation, health or disabilities. #J-18808-Ljbffr