1. Presentation of ETNIC

ETNIC (Entreprise pour les Technologies de l’Information et de la Communication) is the IT operator of the Fédération Wallonie-Bruxelles. As a public interest organization, ETNIC’s mission is to design, develop, maintain, and evolve information systems and technological infrastructures serving the administrations and institutions of the FWB.

A central player in the digital transformation of the Belgian French-speaking public sector, ETNIC operates in various domains such as:

• Management of IT infrastructures (networks, security, data centers, cloud)
• Development of custom business applications
• Support for digital projects (functional analysis, UX/UI, project management)
• Cybersecurity and data protection
• User support and training

With a constant focus on innovation, performance, and public service, ETNIC regularly collaborates with external partners to strengthen its teams through IT consulting assignments. These collaborations are carried out within an ethical, professional framework, oriented towards quality and the concrete impact of delivered solutions.

2. Assignment

1. Assignment context

As part of strengthening its cybersecurity posture, ETNIC is seeking the services of a Vulnerability Manager consultant.

The target environment is based on the ServiceNow – Vulnerability Response tool, used as the central vulnerability management tool, integrated with external scanners (notably Rapid7).

2. Objectives of the assignment

The mission of the Vulnerability Manager consultant aims to:

• Permanently improve the reduction of critical vulnerabilities, particularly on Linux, Windows, Middleware, and network environments
• Strengthen managerial visibility on detected vulnerabilities, their assignment, and their resolution
• Ensure the reliability and structuring of the use of ServiceNow Vulnerability Response as the unique reference
• Address organizational and operational pain points identified in current processes (delays, exceptions, detection noise, responsibilities)

3. Scope of the assignment

The consultant is involved in the cross-functional governance of vulnerability management, covering in particular:

• server environments (Linux, Windows)
• middleware components, databases, applications, and associated infrastructures
• remediation, tracking, and exception processes within ServiceNow

The assignment is not limited to operational patching, but focuses on steering, coordination, and continuous improvement of the system.

4. Main responsibilities

Based on the roles and processes documented within ETNIC, the Vulnerability Manager consultant is notably responsible for:

4.1 Steering and governance

• Ensuring an overall view of the risk posture related to vulnerabilities
• Supervising the status of active vulnerabilities, their criticality, and their evolution over time
• Ensuring alignment of the system with existing organizational policies and procedures

4.2 Management via ServiceNow Vulnerability Response

• Utilize and structure the use of ServiceNow Vulnerability Response:
• Vulnerable items
• Remediation tasks
• Exception management
• Managerial dashboards
• Improve the quality and relevance of data from integrated scanners (e.g., Rapid7)

4.3 Coordination of stakeholders

• Act as a transversal coordination point between:
• Technical teams (Linux, Windows, middleware, etc.)
• Vulnerability analysts, security team
• ITIL managers: CMDB, changes, incidents…
• Remediation managers
• Serve as the escalation point when blockages occur in the treatment processes

4.4 Continuous improvement

• Analyze the identified pain points:
• Recurring or generic vulnerabilities
• Gaps between vendor versions and OS versions (notably Red Hat libraries)
• Noise related to components that are stored but not used
• Propose process improvements, without unilateral modification of existing tools or rules

5. Expected deliverables

The consultant’s expected deliverables include in particular:

• Consolidated follow-up dashboards for management
• Status reports on critical and out-of-scope vulnerabilities
• Recommendations for improvement of vulnerability management processes
• Supporting documentation for the adoption of ServiceNow Vulnerability Response

6. Required skills and profile

The consultant must demonstrate:

• Proven experience in vulnerability management in a complex environment
• Mastery of Vulnerability Management / Vulnerability Response processes
• Ability to work with tools such as ServiceNow Vulnerability Response and vulnerability scanners; prior knowledge is an asset
• Strong aptitude for cross-functional coordination and managerial reporting

7. Positioning within the organization

The Vulnerability Manager consultant operates:

• Within the Infrastructures department, supporting the Middleware, Servers, and Telecom competence centers
• In coordination with the team managing the NIS2 dossier within ETNIC
• In coordination with the ITIL team managing the ServiceNow platform, change management (RFC), and monitoring