ASPIRE Global Service Centre – Vulnerability & Security Compliance Lead

We are seeking an experienced and results-driven Vulnerability & Security Compliance Lead who plays a critical role in ensuring the security and reliability of our customers IT infrastructure. This role is responsible for leading efforts to identify, assess, and mitigate vulnerabilities, ensuring systems and applications are updated with the latest patches and compliance requirements. The role combines technical expertise, process leadership, and strategic planning to maintain strong security hygiene and safeguard our customers technology assets from potential threats. As this is a leadership role, you will ensure the service desk team leader and their analysts have the suitable tools, schedules and skills to perform the routine maintenance activities. The role will also look to support the development of the wider security operations capability under continual improvement.

Key Responsibilities:

• Develop and execute a comprehensive patch management strategy across all IT systems and applications.
• Coordinate and implement regular patching cycles while minimizing downtime and disruption to business operations.
• Coordinate the testing of patches prior to deployment to validate functionality and compatibility.
• Utilize vulnerability scanning tools to identify weaknesses in the IT environment.
• Analyze and prioritize vulnerabilities based on risk impact and business-criticality.
• Oversee and enforce best practice for security hygiene; access reviews, vulnerability assessment, key rotation, etc
• Collaborate with internal teams to remediate identified vulnerabilities in a timely and efficient manner.
• Ensure compliance with regulatory requirements, internal policies, and industry standards related to patching and vulnerability management
• Generate reports on vulnerability status, patching progress, and key metrics for senior leadership and audit purposes.
• Act as a point of expertise for patching and vulnerability management within the organization.
• Work closely with cross-functional teams, including IT Operations, Security, and Application teams, to align patching and remediation activities with business objectives.
• Identify inefficiencies in processes and workflows, recommending and implementing improvements to enhance service quality.
• Collaborate with third-party vendors for tools and solutions, ensuring optimal performance and cost-effectiveness.
• Perform and maintain risk assessments, gap analysis, and risk register(s).
• Supporting external assessments.
• Supporting security Incident responses.
• Supporting the development of security policies and procedures.