Job description

Job Description

Role Overview:

The incumbent will oversee and manage the end-to-end security patching operations for open systems and ensure compliance with the bank’s patching Service Level Agreements (SLAs), which is based on Common Vulnerabilities & Exposures (CVE) risk ratings and server tiers. The incumbent is required to have strong coordination, governance, and reporting capabilities to maintain security posture and regulatory compliance.

Responsibilities:

• Vendor Management:

  • Oversee vendor performance to ensure timely and accurate patch deployment across server operating systems, databases, middleware, OpenShift container platforms, and desktops.

  • Ensure adherence to SLAs based on CVE risk ratings and system tiering.

• Patch Calendar & Scheduling:

  • Develop and maintain an annual patch calendar for SIT, UAT, and PRD environments.

  • Coordinate patching schedules with application custodians and stakeholders.

• Governance & Exception Handling:

  • Manage the exception process for skipped patches, ensuring valid justification and proper documentation.

  • Enforce governance standards for patching compliance.

• Communication & Coordination:

  • Act as the primary liaison between vendor teams and internal application custodians.

  • Communicate patching schedules, risks, and impacts effectively.

• Reporting & Compliance:

  • Prepare and validate regular reports, including SLA compliance, patch status, management dashboards, and regulatory submissions.

  • Ensure accuracy and completeness of all reporting.

Requirements

• Education & Experience:

  • Bachelor Degree in Information Technology, Cybersecurity, or related field.

  • More than 10 years of experience in IT operations, security patching, or vendor management, preferably in a medium to large organization with a server inventory of 5,000 or more.

• Technical Skills:

  • Understanding of operating systems (Windows, AIX, HP-UX, Linux, Solaris), databases, middleware, and container platforms (OpenShift).

  • Experience with automation tools (BigFix, Chef, Ansible)

  • Familiarity with CVE risk ratings, vulnerability management, and patching best practices.

  • Good at creating and maintaining technical documentation

• Soft Skills:

  • Strong communication and stakeholder management skills.

  • Excellent organizational and governance capabilities.

  • Attention to detail for accurate reporting.

• Preferred:

  • Experience in financial services or regulated environments.

  • Knowledge of ITIL processes and compliance frameworks.

Additional Requirements