Principal, Patching and Vulnerability

To be considered for this position, applications and resumes are accepted only through our careers site by directly applying to the posted job. We do not accept unsolicited resumes or sales solicitations from staffing agencies. Any OCC employee wishing to submit a referral must do so through their Workday account. Any resume submitted outside of an active job posting will not be considered for employment.

What You'll Do

The Principal, Patching and Vulnerability Management Coordinator, leads the coordination and execution of the patching and vulnerability management program across the organization, working in close partnership with platform engineering and infrastructure teams responsible for hands-on patching activities. This role provides strategic technical leadership across a mixed environment of on-premises and AWS cloud-based infrastructure, ensuring robust security, seamless system integration, and operational excellence. The position serves as the central coordinating authority, aligning schedules, standards, and outcomes across infrastructure domains, while actively participating in patching execution alongside those teams. The position also focuses on fostering 'dotted line' team development through cross-training, mentoring, and promoting continuous learning to enhance team resiliency and expertise.

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

• Patching and Vulnerability Management Architecture and Design: Serve as the principal architect dedicated to the design and architecture of OCC's patching and vulnerability management program across on-premises and AWS cloud environments. Ensure robust, scalable, and secure vulnerability management across the organization by translating complex business requirements into technical solutions that align with industry best practices and regulatory standards. Lead efforts to optimally integrate the Vulnerability Management endpoint and network scanning solution (currently Qualys) with the ServiceNow Security Vulnerability Response module.

• Program Coordination and Execution Partnership: Serve as the central coordinator for all patching and vulnerability management activities across the organization. Work directly alongside infrastructure teams including server, network, and cloud engineering to plan, schedule, and help execute patching cycles. While infrastructure teams perform the hands-on work within their respective domains, this role ensures alignment, accountability, and consistency across all efforts, removing barriers and maintaining momentum throughout the patching lifecycle.

• Strategic Leadership and Integration: Provide technical leadership in designing workflows, automation, and governance frameworks that maximize the value of the vulnerability management system. Work with Security and End User Experience SMEs to ensure seamless integration between Qualys and ServiceNow to enable unified policy enforcement and lifecycle management for vulnerabilities across both on-premises and cloud-based infrastructure.

• Near-Real-Time Patching Strategy: Aggressively drive the development and maturation of a patching strategy that progressively moves the organization toward near-real-time vulnerability remediation without disrupting a 24/7 production environment. While this capability is a future-state objective, this role will proactively assess architectural barriers, evaluate emerging tooling and automation approaches, and build the operational foundation necessary to reduce patch latency over time. This includes identifying quick-win opportunities, piloting phased approaches, and collaborating with infrastructure and application teams to design patching windows and methods that support continuous availability.

• Cross-Domain Expertise: Possess deep expertise in IT server and network administration, including on-premises infrastructure and AWS cloud-based solutions. Apply this breadth of knowledge to ensure consistent vulnerability management standards and patching practices are maintained across all environment types.

• Innovation and Operational Excellence: Drive innovation and operational excellence for the IT Operational Security team's vulnerability management initiatives by combining technical depth with broad domain knowledge across on-premises and cloud environments.

Supervisory Responsibilities:

• None

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

• Extensive experience in server and network administration across on-premises and AWS cloud environments, as well as vulnerability management. Proven ability to design robust, scalable, and secure vulnerability management solutions in hybrid infrastructure settings.

• Demonstrated experience coordinating patching activities across multiple infrastructure teams, including the ability to drive accountability and execution without direct authority over all participating teams.

• Demonstrated leadership in designing workflows, automation, and governance frameworks that maximize the value of vulnerability management systems, including seamless integration with enterprise infrastructure.

• Strong cross-domain expertise bridging security and IT best practices regarding patching and vulnerability management across mixed on-premises and cloud environments.

• Visionary thinking around continuous patching models, with experience or strong familiarity with strategies that support near-real-time remediation in high-availability or 24/7 production environments (e.g., rolling patch windows, blue/green deployment models, live patching technologies).

• Commitment to innovation and operational excellence, with a track record of driving technical depth and broad domain knowledge in vulnerability management initiatives.

• Proven ability to lead consistent cross-training efforts, mentor team members, and empower advanced learning to increase team resiliency and adaptability.

• Excellent communication and mentorship skills, with a history of taking ownership of team success and driving technical excellence.

Technical Skills:

• Vulnerability scanning and assessment (Qualys preferred)

• Patch lifecycle management

• CVE analysis and risk-based prioritization

• CVSS scoring and vulnerability remediation frameworks

• Zero-day and critical vulnerability response

• ServiceNow Security Vulnerability Response (SVR) module

• Qualys-to-ServiceNow integration and workflow configuration

• Understanding of patch management infrastructure for on-prem and cloud based environments.

• Familiarity with enterprise server environments including Windows Server, Linux (RHEL), and VMware/vSphere patching workflows

• Understanding of enterprise storage and firmware update coordination across SAN/NAS platforms

Education and/or Experience:

• Bachelor's degree in Computer Science, Engineering, or other related field, or equivalent experience

• 7+ Years Patching and Vulnerability management

• Hands-on IT or security operations experience

• Industry recognized certifications (CISSP, ITIL, etc)

Certificates or Licenses:

n/a

About Us

The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.

Benefits

A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:

• A hybrid work environment, up to 2 days per week of remote work
• Tuition Reimbursement to support your continued education
• Student Loan Repayment Assistance
• Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
• Generous PTO and Parental leave
• 401k Employer Match
• Competitive health benefits including medical, dental and vision

Visit https://www.theocc.com/careers/thriving-together for more information.

Compensation

• The salary range listed for any given position is exclusive of fringe benefits and potential bonuses. If hired at OCC, your final base salary compensation will be determined by factors such as skills, experience and/or education.
• In addition, we believe in the importance of pay equity and consider internal equity of our current team members as part of any final offer.
• We typically do not hire at the maximum of the range in order to allow for future and continued salary growth. We also offer a substantial benefits package as noted on www.theocc.com/careers
• All employees may be eligible for a discretionary bonus. Discretionary bonuses are based on various factors, including, but not limited to, company and individual performance and are not guaranteed.

Salary Range

Incentive Range

This position is eligible for an annual discretionary incentive compensation award, for which the target range is listed above (see Incentive Range). The amount of such award, if any, will be based on various factors, including without limitation, both individual and company performance.

Step 1
When you find a position you're interested in, click the 'Apply' button. Please complete the application andattach your resume.

Step 2
You will receive an email notification to confirm that we've received your application.

Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.

For more information about OCC, please click here.

OCC is an Equal Opportunity Employer