IT Security Specialist Vulnerability

WHAT MAKES US US

Join some of the most innovative thinkers in FinTech as we lead the evolution of financial technology. If you are an innovative curious collaborative person who embraces challenges and wants to grow learn and pursue outcomes with our prestigious financial clients say Hello to SimCorp!

At its foundation SimCorp is guided by our values caring customer success-driven collaborative curious and courageous. Our people-centered organization focuses on skills development relationship building and client success. We take pride in cultivating an environment where all team members can grow feel heard valued and empowered.

If you like what were saying keep reading!

WHY THIS ROLES IS IMPORTANT TO US:

The IT Security Specialist is primarily responsible for owning and operating the organizations vulnerability management capability with a focus on the vulnerability management platform Armis Centrix. The role ensures timely identification prioritization tracking and remediation of vulnerabilities across the IT environment.

As a secondary responsibility the role supports security risk assessments by providing vulnerability insights and contributing to risk-based decision-making. This position operates closely with infrastructure application and security stakeholders to continuously improve the organizations security posture.

WHAT YOU WILL BE RESPONSIBLE FOR

Vulnerability Management (Primary Responsibility)

• Own and operate the enterprise vulnerability management platform (Armis Centrix) including configuration data quality and daily operations.
• Ensure continuous identification aggregation and correlation of vulnerabilities across infrastructure cloud and endpoint environments.
• Analyze and prioritize vulnerabilities based on severity exploitability asset criticality and business impact.
• Maintain accurate vulnerability lifecycle tracking including remediation status exceptions and risk acceptance.
• Drive remediation activities by working closely with asset owners infrastructure teams and application teams.
• Produce vulnerability dashboards metrics and reports for operational teams and management.
• Continuously improve vulnerability management processes workflows and documentation.
• Serve as the go-to resource for vulnerability management tools and processes.

Security Risk Assessment (Secondary Responsibility)

• Support security risk assessments by providing vulnerability data analysis and risk context.
• Contribute to risk evaluations by translating technical vulnerabilities into business-relevant risk insights.
• Assist in documenting security risks mitigation options and residual risk where applicable.
• Support internal reviews audits or governance activities related to vulnerability and risk management.

Governance & Compliance:

• Ensure vulnerability management practices align with internal security policies and industry standards (e.g. ISO 27001 CIS benchmarks NIST).
• Maintain Standard Operating Procedures (SOPs) related to vulnerability management.
• Provide audit evidence and reporting related to vulnerability management activities.

WHAT WE VALUE

Education:

• Bachelors degree in Information Security Computer Science or a related field (or equivalent practical experience).

Experience:

• At least three years of experience in IT security operations with a primary emphasis on vulnerability management.
• Experience directly operating vulnerability management platforms (experience with Armis Centrix or similar tools is highly desirable).
• Solid understanding of vulnerability classification CVSS scoring and remediation prioritization.
• Experience working with cross-functional technical teams to drive remediation outcomes.

Certifications (Preferred):

• CompTIA Security CISSP or equivalent security certification.

Skills & Abilities:

• Demonstrated analytical and structured approach to security data and risk.
• Ability to serve as a subject-matter expert within a defined security domain.
• Clear and effective communication with both technical and non-technical stakeholders.
• close attention to detail and consistent documentation discipline.
• Ability to balance operational execution with continuous improvement.

Performance Indicators:

• Accuracy completeness and timeliness of vulnerability data in Armis Centrix.
• Percentage of critical and high vulnerabilities actively managed and tracked.
• Quality and usability of vulnerability reporting and dashboards.
• Effectiveness of collaboration with asset owners and remediation teams.

Other requirement

• Amenable to work on EMEA time schedule
• 2x RTO per week

BENEFITS:

Attractive salary bonus scheme and pension are essential for any work agreement. However in SimCorp we believe we can offer more. Therefore in addition to the traditional benefit scheme we provide a good work and life balance: flexible working hours and a hybrid workplace model. Simcorp follows a global hybrid policy asking employees to work from the office two days each week while allowing remote work on other days.

On top of that we have IP sprints where you have 3 weeks per quarter you can spend on developing your skills as well as contributing to the company development. There is never just only one route - we practice a personalized approach to professional development to support the direction you want to take.

NEXT STEP:

Please send us your application in English via our career site as soon as possible we process incoming applications continually. Please note that only applications sent through our system will be processed. At SimCorp we recognize that bias can unintentionally occur in the recruitment process. To uphold fairness and equal opportunities for all applicants we kindly ask you to exclude personal data such as photo age or any non-professional information from your application. Thank you for aiding us in our endeavor to mitigate biases in our recruitment process.

For any questions you are welcome to contact Katkat Calimag-Rupera Senior Talent Acquisition Partner at email If you are interested in being a part of SimCorp but are not sure this role is suitable submit your CV anyway. SimCorp is on an exciting growth journey and our Talent Acquisition Team is ready to assist you discover the right role for you. The approximate time to consider your CV is three weeks.

We are eager to continually improve our talent acquisition process and make everyones experience positive and valuable. Therefore during the process we will ask you to provide your feedback which is highly appreciated.

WHO WE ARE:

For over 50 years we have worked closely with investment and asset managers to become the worlds leading provider of integrated investment management solutions. We are 3000 colleagues with a broad range of nationalities educations professional experiences ages and backgrounds in general.

SimCorp is an independent subsidiary of the Deutsche Börse Group. Following the recent merger with Axioma we leverage the combined strength of our brands to provide an industry-leading full front-to-back offering for our clients.

SimCorp is an equal opportunity employer and welcome applicants from all backgrounds without regard to race gender age disability or any other protected status under applicable law. We are committed to building a culture where diverse perspectives and expertise are integrated into our everyday work. We believe in the continual growth and development of our employees so that we can provide best-in-class solutions to our clients.

**SimCorp Manila proudly announces that its Manila Delivery Center has been officially certified as a Great Place To Work for the second consecutive year Apr25-Apr26 This certification underscores SimCorps effort to cultivating a workplace that is not only inclusive and collaborative but also committed to the personal and professional growth of its employees

**We are also honored to have been voted as a WealthTech100 company for three consecutive years. The new WealthTech100 list aims to highlight tech innovation leaders in the investment management industry.**

#LI-Hybrid