Vulnerability Management Officer

Company Description

THE OECD - Who we are, what we do

The Organisation for Economic Co-operation and Development (OECD) is an international organisation comprised of 38 member countries, that works to build better policies for better lives. Our mission is to promote policies that will improve the economic and social well-being of people around the world. Together with governments, policy makers and citizens, we work on establishing evidence-based international standards, and finding solutions to a range of social, economic and environmental challenges. From improving economic performance and creating jobs to fostering strong education and fighting international tax evasion, we provide a unique forum and knowledge hub for data and analysis, exchange of experiences, best-practice sharing, and advice on public policies and international standard-setting.

Job Description

THE EXECUTIVE DIRECTORATE (EXD)

The Executive Directorate (EXD) is the steward of OECD resources, on behalf of the Secretary-General. Our focus is on people and their wellbeing; the effective and efficient management of the budget; the safety and security of staff, Delegations, visitors, and of the OECD's data; maintaining and sustaining physical and digital infrastructure; and enabling the convening power of the OECD through conferences, meetings and events, whether virtual, physical or hybrid. As well as providing corporate services, functions and management support to our staff and Members, we provide integrated, strategic and expert advice on corporate policies and management issues to the Secretary-General, to Council and to Standing Committees, to which we regularly report on corporate matters. We also provide compliance and risk management functions (for management areas under our purview). Ours is a fast-paced environment focused on delivering management excellence across all of our functions.

THE DIGITAL, KNOWLEDGE AND INFORMATION SERVICE (EXD/DKI)

Within the Executive Directorate, working closely with business partners, the Digital, Knowledge and Information Service (EXD/DKI) designs and provides secure digital solutions, IT and information management services and the technologies to deliver efficient corporate services, meet business partners' needs and to support and enhance the OECD's global role in building knowledge, communicating with the world and interacting with governments to inform and influence policy-making.

The Digital Security Office (EXD/DKI/DSO) leads the OECD's cyber security capability and information management policy: it develops and implements corporate information security policies and technical compliance frameworks, conducts security audits and risk assessments, supports user awareness campaigns, and performs security operations and related compliance monitoring to safeguard the digital assets of the Organisation. It also leads on information management policies, practices and culture for the Organisation.

THE POSITION

Reporting to the Head of Digital Security Assurance and Vulnerability Management in the OECD Digital Security Office (EXD/DKI/DSO), as the Vulnerability Management Officer , you will be contributing to improving the Organisation's Digital Security Posture, reducing the attack surface through Vulnerability identification, and Management, recommending mitigation options and advising on best practice digital Security Controls.

Main Responsibilities

Vulnerability Management:

• Lead Vulnerability Identification and Remediation : Proactively identify, assess, and track vulnerabilities across all OECD digital assets and systems. Coordinate and oversee remediation efforts with relevant technical teams to ensure timely resolution and reduction of the organisation's attack surface.

• Specialised Security Assessments : Plan and execute advanced security assessments, including annual Red Teaming exercises and penetration tests, to evaluate the effectiveness of existing controls and uncover potential weaknesses.

• Support Digital Solution Risk Assessments (DSRA) : Advise on control recommendations during risk reviews for digital solutions (SaaS, PaaS, on-premise, web platforms, bespoke projects) to avoid exposure to well-known vulnerabilities and ensure security and compliance. Collaborate with Digital Security and Privacy Risk Managers documenting remediation plans in line with OECD and industry standards (CIS Controls, OWASP).

• Develop and maintain security and privacy controls : Issue mandatory notifications for vulnerability remediation, ensuring alignment with OECD policy and requirements. Oversee the implementation of patching and controls and monitor compliance across the organisation.

• Policy and compliance oversight : Contribute to the development, implementation, and continuous improvement of digital security policies, technical compliance frameworks, and vulnerability management protocols. Ensure all digital solutions adhere to the Patch Management Policy and related OECD guidelines.

• Performance monitoring and reporting : Establish and maintain regular performance monitoring and reporting mechanisms for vulnerability management activities. Provide actionable insights to management and stakeholders.

Stakeholder Engagement & Change Management:

• Communications and change management : Develop and deliver communications and change management strategies to promote a culture of digital security and privacy by design. Draft guidance documentation and best practices to support staff and reduce the attack surface across the OECD.

• Workshops and training : Organise, facilitate, and participate in workshops with stakeholders to raise awareness, build capacity, and ensure alignment with digital security objectives.

• Collaboration and support : Assist with stakeholder interaction. Support Directorates in understanding and fulfilling their digital security responsibilities, including third-party due diligence and vulnerability assessments.

Qualifications

Ideal Candidate Profile

Academic Background

• Post-secondary education in Information Security, or a related field, or equivalent practical experience. Qualifications or education in Vulnerability Management would be an advantage.

Professional Background

• Minimum of 3 years of relevant Vulnerability Management experience.

• Experience in delivering practical Vulnerability Management strategies and practices in organisations in either the public or private sector.

• Experience in Vulnerability Management Methodologies and Frameworks, such as ISO 27001 & 27002 / NIST SP 800-40r4 / SANS/ OWASP/ CVSS.

• Demonstrated knowledge of the M365 technological environment.

• Experience in drafting Vulnerability Management and patching documentation and user guidance.

• Excellent communication skills with the ability to explain complex technical ideas in plain or easy to understand language.
• Experience with data protection-related matters and strategies would be an advantage.

Tools

• Knowledge of the following tools would be an asset:

• Rapid7 Insight Vulnerability Management/ Nexpose

• Microsoft Defender for Endpoint

• Microsoft Office
• M365 suite of applications
• Microsoft Azure
• ServiceNow

Languages

• Fluency in one of the two OECD official languages (English and French) and a knowledge of, or a willingness to learn, the other.

• Knowledge of other languages would be an asset.

Core Competencies

• OECD staff are expected to demonstrate behaviours aligned to six core competencies which will be assessed as part of this hiring processes: Vision and Strategy (Level 1); Enable People (Level 1); Ethics and Integrity (Level 2); Collaboration and Horizontality (Level 2); Achieve Results (Level 2); Innovate and Embrace Change (Level 2).

• There are three possible levels for each competency. The level for each competency is determined according to the specific needs of each job role and its associated grade.

• To learn more about the definitions for each competency for levels 1-3, please refer to OECD Core Competencies.

Additional Information

Closing Date

• Applications should reach us no later than 4 January 2026 23h59 (Paris time) .

Contract Duration

• Fixed-term contract of 3 years.

What the OECD offers

• Depending on level of experience, monthly salary starts at 7 644.78 EUR, plus allowances based on eligibility, exempt of French income tax.

• Click here to learn more about what we offer and why the OECD is a great place to work.

• Click here to browse our People Management Guidebook and learn more about all aspects relating to people at the OECD, our workplace environment and many other policies supporting staff in their daily life.
• Please note that the appointment may be made at one grade lower in the specified job family, based on the qualifications and professional experience of the selected applicant.

The OECD is an equal opportunity employer and welcomes the applications of all qualified candidates who are nationals of OECD member countries, irrespective of their racial or ethnic origin, opinions or beliefs, gender, sexual orientation, health or disabilities.

The OECD promotes an optimal use of resources in order to improve its efficiency and effectiveness. Staff members are encouraged to actively contribute to this goal.

Videos To Watch