Patch Velocity & Software Lifecycle Lead
Patch Velocity & Software Lifecycle Lead
Location: Lyon or Gentilly, France
Type: Permanent, Full-time, Hybrid
About the role
At Sanofi, you will strengthen our cybersecurity posture by accelerating remediation of vulnerabilities and enforcing robust software lifecycle governance. You will reduce the organization’s exposure to cyber risks by driving patching velocity and coverage, controlling software obsolescence, and ensuring compliance across our digital landscape.
Responsibilities
- Drive Patch Velocity & Remediation Performance:
- Accelerate patch deployment across servers, middleware, endpoints, and application layers
- Reduce Mean Time To Patch (MTTP) and vulnerability backlog
- Ensure adherence to remediation SLAs, especially for critical and high‑risk vulnerabilities
- Identify and remove bottlenecks impacting remediation speed
- Enforce Software Lifecycle & Obsolescence Management:
- Define and drive software lifecycle standards (EOL/EOS management)
- Ensure continuous upgrade and modernization of software components
- Reduce risks related to obsolete and unsupported technologies
- Strengthen Software Governance & Catalog Control:
- Enforce compliance with the Digital‑approved software catalog
- Implement mechanisms to detect and remove unauthorized software
- Reduce exposure linked to shadowIT and unmanaged software components
- Maintain Security Compliance by Design:
- Guarantee that systems are secure and compliant at delivery (golden images, baselines)
- Maintain compliance throughout the asset lifecycle
- Embed patching and lifecycle requirements into operational processes:
- Define policies, standards & operating model
- Formalise patch management and software lifecycle policies
- Define clear roles, responsibilities and governance frameworks
- Ensure alignment between Security, IT and Business stakeholders
- Drive Transversal Execution:
- Engage and align cross‑functional teams: Infrastructure & Cloud, Digital Workplace, Application Owners, Cybersecurity & Risk and Compliance
- Activate the right organizational and technical levers to meet objectives
- Measure performance & drive continuous improvement
- Measure Performance & Drive Continuous Improvement:
- Define and monitor key KPIs: MTTP, SLA compliance for vulnerability remediation, patch and lifecycle compliance rates, unauthorized software rate
- Track progress and ensure sustainable improvement (non‑regression)
- Provide clear reporting and executive visibility
Qualifications
Experience
- Proven experience in cybersecurity, vulnerability management or infrastructure security
- Track record in driving cross‑functional transformation or remediation programmes
- Strong understanding of patch management processes, software lifecycle and obsolescence risks, and enterprise IT environments (endpoints, servers, applications)
Technical skills
- Experience with Windows and Linux environments, and patch management tools (Intune, SCCM, Microsoft AzureArc, RedHat Satellite, etc.)
- Experience with cloud environments (Azure and AWS)
- Experience with vulnerability management, Endpoint Detection & Response (EDR) and SOAR tools
- Proficiency in Python and PowerShell scripting
- Advanced use of AI technologies for improving operations
Soft skills
- Strong result orientation focused on measurable risk reduction
- Ability to drive performance and accountability across teams
- Excellent stakeholder management and influencing skills
- Data‑driven mindset with experience defining and tracking KPIs
- Structured, pragmatic and execution‑focused
Education & Languages
- Bachelor’s or Master’s degree in Information Security, IT or related field
- Languages: English, French
Key Success Factors
- Measurable improvement in patching velocity and SLA compliance
- Reduction in critical and high‑risk vulnerabilities exposure
- Decrease in obsolete and unauthorized software footprint
- Sustainable increase in global IT compliance levels
Benefits
- Fixed salary over 12 months, supplemented by a short‑term incentive and a collective variable compensation based on Sanofi Group results
- 31 days of paid leave + RTT (depending on status)
- Remote work up to 2days per week
- Quality health insurance
- Public transport coverage up to 80%
- Extended maternity/parental leave (18/14 weeks)
- Group Savings Plan & PERCOL with employer matching, PERO
- Numerous CSE benefits, internal and international mobility opportunities, learning&development opportunities
EEO Statement
We provide equal opportunities to all regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, ability or gender identity. Watch our ALLIN video and check out our Diversity, Equity and Inclusion actions at sanofi.com!
#J-18808-Ljbffr