Job Specifications
Company Description
THE OECD – Who we are, what we do
The Organisation for Economic Co-operation and Development (OECD) is an international organisation comprising 38 member countries that works to build better policies for better lives. Our mission is to promote policies that will improve the economic and social well-being of people around the world. Together with governments, policy makers and citizens, we work on establishing evidence-based international standards, and finding solutions to a range of social, economic and environmental challenges. From improving economic performance and creating jobs to fostering strong education and fighting international tax evasion, we provide a unique forum and knowledge hub for data and analysis, exchange of experiences, best-practice sharing, and advice on public policies and international standard-setting.
Job Description
THE EXECUTIVE DIRECTORATE (EXD)
The Executive Directorate (EXD) is the steward of OECD resources, on behalf of the Secretary-General. Our focus is on people and their wellbeing; the effective and efficient management of the budget; the safety and security of staff, Delegations, visitors, and of the OECD’s data; maintaining and sustaining physical and digital infrastructure; and enabling the convening power of the OECD through conferences, meetings and events, whether virtual, physical or hybrid. As well as providing corporate services, functions and management support to our staff and Members, we provide integrated, strategic and expert advice on corporate policies and management issues to the Secretary-General, to Council and to Standing Committees, to which we regularly report on corporate matters. We also provide compliance and risk management functions (for management areas under our purview). Ours is a fast-paced environment focused on delivering management excellence across all of our functions.
THE DIGITAL, KNOWLEDGE AND INFORMATION SERVICE (EXD/DKI)
Within the Executive Directorate, working closely with business partners, the Digital, Knowledge and Information Service (EXD/DKI) designs and provides secure digital solutions, IT and information management services and the technologies to deliver efficient corporate services, meet business partners’ needs and to support and enhance the OECD’s global role in building knowledge, communicating with the world and interacting with governments to inform and influence policy-making.
The Digital Security Office (EXD/DKI/DSO) leads the OECD’s cyber security capability and information management policy: it develops and implements corporate information security policies and technical compliance frameworks, conducts security audits and risk assessments, supports user awareness campaigns, and performs security operations and related compliance monitoring to safeguard the digital assets of the Organisation. It also leads on information management policies, practices and culture for the Organisation.
THE POSITION
Reporting to the Head of Digital Security Assurance and Vulnerability Management in the OECD Digital Security Office (EXD/DKI/DSO), as the Vulnerability Management Officer you will contribute to improving the Organisation’s digital security posture, reducing the attack surface through vulnerability identification and management, recommending mitigation options and advising on best-practice digital security controls.
Main Responsibilities
Vulnerability Management:
Lead Vulnerability Identification and Remediation: Proactively identify, assess, and track vulnerabilities across all OECD digital assets and systems. Coordinate and oversee remediation efforts with relevant technical teams to ensure timely resolution and reduction of the organisation’s attack surface.
Specialised Security Assessments: Plan and execute advanced security assessments, including annual Red Teaming exercises and penetration tests, to evaluate the effectiveness of existing controls and uncover potential weaknesses.
Support Digital Solution Risk Assessments (DSRA): Advise on control recommendations during risk reviews for digital solutions (SaaS, PaaS, on-premise, web platforms, bespoke projects) to avoid exposure to well-known vulnerabilities and ensure security and compliance. Collaborate with Digital Security and Privacy Risk Managers in documenting remediation plans in line with OECD and industry standards (CIS Controls, OWASP).
Develop and maintain security and privacy controls: Issue mandatory notifications for vulnerability remediation, ensuring alignment with OECD policy and requirements. Oversee the implementation of patching and controls and monitor compliance across the organisation.
Policy and compliance oversight: Contribute to the development, implementation, and continuous improvement of digital security policies, technical compliance frameworks, and vulnerability management protocols. Ensure all digital solutions adhere to the Patch Management Policy and related OECD guidelines.
Per
About the Company
The Organisation for Economic Co-operation and Development (OECD) is an international organisation that works to build better policies for better lives. We draw on more than 60 years of experience and insights to shape policies that foster prosperity and opportunity, underpinned by equality and well-being.
We work closely with policy makers, stakeholders and citizens to establish evidence-based international standards and to find solutions to social, economic and environmental challenges. From improving economic performance...