• Strong understanding of vulnerability management concepts, CVEs, CVSS scoring, exploitability, and threat intelligence.
• Experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7, Microsoft Defender, Prisma Cloud).
• Knowledge of operating systems, networking fundamentals, cloud technologies, and common technical architectures.
• Familiarity with security frameworks and standards (ISO 27001, NIST, CIS Controls, OWASP). Excellent stakeholder management and communication skills.

Roles and responsibilities

• Risk & Compliance
  • Monitor the risk score of F&R and support the entity to be within Risk Appetite.
  • Participate in the Risk Opinion process for PG7, ensuring a correct and complete assessment of Vulnerability Management metrics and controls.
  • Review Vulnerability Management risk metrics and manage the remediation of issues resulting from the metrics
  • Collaborate with Dev/Ops and risk officers to address Vulnerability Management related findings and remediation plans.
  • Contribute to audits and compliance reviews for Vulnerability Management processes.
  • Linking pin between the global CISO organization and the F&R community.
  • Perform Deep dives to identify root causes behind Vulnerability Management control defects
  • You are a trusted advisor who knows how to handle discussions with different stakeholders

• Vulnerability Management
  • Validation/triage, risk scoring, remediation tracking, and verification.
  • Prioritize by risk: Use CVSS, threat intel (exploitation in the wild), asset criticality, exposure, and compensating controls to drive risk-based remediation.
  • Remediation orchestration: Taking sessions, coordinate owners, and ensure fix validation (patch, config, version upgrade, or mitigation).
  • Governance & SLAs: Enforce remediation SLAs define exceptions and maintain audit trails.
  • Continuous improvement: Reduce noise (false positives/duplicates), tune scans, improve coverage, and drive automation.

IAM Specialist

Required Skills & Experience

• Strong knowledge of directory services and infrastructure for Windows and Unix systems.
• Expertise in authorization design and validation.
• Experience with IT risk metrics and risk governance frameworks.
• Familiarity with IAM processes in complex, regulated environments.
• Excellent stakeholder management and communication skills.

Roles and responsibilities

• IAM Operational Expertise
  • Review authorization models for Finance & Risk applications.
  • Support teams in  HPA usage and enforce best practices for privileged access.
  • Support IAM architecture for on-premises and cloud environments (Azure preferred).
  • Providing IAM support, explanations and workshops customized to the needs of the F&R DevOps teams.
  • Integrate IAM solutions with Windows and Unix infrastructures.
    
• Risk & Compliance
  • Monitor the risk score of F&R and support the entity to be within Risk Appetite.
  • Participate in the Risk Opinion process for PG3, ensuring a correct and complete assessment of IAM metrics and controls.
  • Review IAM risk metrics and manage the remediation of issues resulting from the metrics
  • Collaborate with Dev/Ops and risk officers to address IAM-related findings and remediation plans.
  • Contribute to audits and compliance reviews for IAM processes.
  • Linking pin between the global CISO organization and the F&R community.
  • Perform Deep dives to identify root causes behind IAM control defects
  • You are a trusted advisor who knows how to handle discussions with different stakeholders