Logo for Omnissa

Director, Security Architecture, Vulnerability Management and Response

Role overview

Qualifications

  • 10+ years in information security, including 5+ years leading technical security teams
  • Experience building and operating enterprise identity security strategy
  • Deep hands-on background across multiple domains: cloud and network security, endpoint/workload protection
  • Strong communication skills with the ability to influence executives and engineers alike

Responsibilities

  • Set the multi-year strategy and roadmap aligned to Omnissa's risk appetite and business objectives
  • Partner with all lines of business to establish security standards and perform architecture and design reviews
  • Own the end-to-end Exposure Management program, the tooling, scanners, processes, and SLAs
  • Establish and mature Omnissa's security approach to AI and GenAI adoption

About the company

Omnissa logo

Omnissa

Omnissa is the digital work platform leader, trusted by thousands of organizations worldwide as the former VMware End-User Computing business. We make digital work, work – for businesses and their people. No painful IT processes or productivity trade-offs. Instead, a seamlessly delivered digital employee experience that simplifies work. Our comprehensive digital work platform enables IT teams to provide secure, personalized experiences for every employee, on any device. Omnissa unifies, automates, and efficiently scales the digital workspace. By empowering employees to do their best work, anywhere, we help workforces everywhere unlock exponential business value. All is made possible with the Omnissa™ Platform, the first AI-driven digital work platform for smart, seamless, and secure work experiences from anywhere. It integrates multiple industry-leading solutions across Unified Endpoint Management, Virtual Desktops and Apps, Digital Employee Experience, and Security and Compliance. By continuously adapting to users’ work styles, Omnissa optimizes user experience, security, IT operations and costs.

Company details

Company size1001 - 5000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Job Description:

Job Description

We are Omnissa! 

Omnissa is the first AI-driven digital work platform, built to support flexible, secure, work-from anywhere experiences. We integrate industry-leading solutions—including Unified Endpoint Management, Virtual  Apps and Desktops, Digital Employee Experience, and Security & Compliance—into a seamless, autonomous workspace that adapts to how people work. Our platform boosts employee engagement while optimizing IT operations, security, and cost.

Guided by our Core Values—Act in Alignment, Build Trust, Foster Inclusiveness, Drive Efficiency, and Maximize Customer Value—we’re growing rapidly and committed to delivering meaningful impact. If you're passionate about shaping the future of work, we’d love to hear from you. 

Director, Security Architecture, Vulnerability Management and Response

Reports to: Chief Information Security Officer (CISO)

Location: AMER (ATL or MV is preferred - Remote-for the right candidate)

Role Summary

Omnissa is seeking a Director, Security Architecture, Vulnerability Management and Response to set and drive the strategy for three tightly integrated security functions: Security Architecture, Vulnerability Management, and Vulnerability Response (PSIRT). This leader leads the technical security capabilities that protect Omnissa's infrastructure, applications, and services across on-premises and cloud environments, and is accountable for the full lifecycle of risk, from identification through mitigation and verified remediation. This role works in close partnership with Product Security and engineering leadership to align shared standards for secure development and vulnerability response, rather than operating as a separate or overlapping function.

This is a hands-on leadership role for someone who can balance long-range strategy with day-to-day operational excellence, build deep partnerships across the business, and lead a distributed team of senior engineers and architects. As Omnissa expands its use of AI across the enterprise, this role also carries responsibility for shaping the security and governance posture around emerging AI/GenAI technologies.

Key Responsibilities

Strategy & Leadership

  • Set the multi-year strategy and roadmap aligned to Omnissa's risk appetite and business objectives.

  • Lead, mentor, and grow a globally distributed team of senior security engineers and architects across AMER and APAC.

  • Serve as the senior escalation point for design conflicts and remediation prioritization decisions, and for security incidents surfaced through the vulnerability response (PSIRT) process.

  • Represent the function to executive leadership, translating technical risk into business terms and reporting on posture, progress, and investment needs.

Security Architecture

  • Partner with all lines of business to establish security standards, perform architecture and design reviews, and embed security into every stage of design and implementation.

  • Drive security framework development, hardening standards, and policy adherence across the enterprise.

  • Conduct risk assessments and requirements gathering for new infrastructure, products, and services, ensuring controls are defined before deployment.

  • Partner closely with Product Security and engineering to define security architecture requirements across the SDLC and CI/CD ecosystem, including threat modeling, architecture standards, SAST, DAST, software composition analysis, secrets detection, and artifact/image signing, ensuring security controls are built into development and deployment workflows from design through release.

  • Drive secure-by-design practices across the enterprise, reference architectures, secure design patterns, and paved-road templates that make the secure path the default path for engineering teams, reducing reliance on after-the-fact review.

  • Oversee threat modeling for new architectures, major features, and significant changes, partnering  with IT, Product Security, and Engineering, to identify design-stage risk before implementation begins.

  • Define and maintain Omnissa's enterprise identity security strategy and standards, spanning workforce and non-human identities, including AI agents, and API-level access, authentication (SSO, MFA, phishing-resistant methods), authorization, privileged access, and identity governance, across on-premises and cloud environments, partnering with IT, who own and operate the underlying IAM tooling.

  • Partner with IT and engineering to drive adoption of modern identity architecture (e.g., Zero Trust access principles, just-in-time/just-enough access, federation standards) that scales to AI-driven and non-human identity growth across enterprise and product-facing systems.

  • Align security architecture, hardening standards, and control design with applicable frameworks: SOC 2, ISO 27001, NIST CSF/800-53, PCI, HIPAA, and FedRAMP; supporting control evidence and audit readiness in partnership with Compliance/GRC.

  • Partner with data owners, Legal, and Privacy to define data classification, residency, retention, and disposal standards,  including for data used in AI/GenAI training, fine-tuning, and retrieval — and ensure security architecture enforces them across on-prem, cloud, and AI/ML pipelines

Exposure/Vulnerability Management

  • Own the end-to-end Exposure Management program, the tooling, scanners, processes, and SLAs that identify, prioritize, and remediate risk across all environments.

  • Continuously monitor, prioritize, and report on vulnerabilities, providing remediation guidance to system and product owners and driving accountability to closure.

  • Govern the program in alignment with Omnissa's Vulnerability Management Policy and Standards.

  • Ensure Exposure/Vulnerability Management SLAs and remediation accountability apply uniformly across infrastructure, cloud, and product/application codebases.

Vulnerability Response (PSIRT)

  • Own the enterprise PSIRT strategy, partnering with the team on intake, triage, and coordinated response for vulnerabilities in Omnissa products and services, whether reported externally (researchers, customers, bug bounty) or discovered internally.

  • Define and enforce SLAs for triage time, severity scoring, and remediation timelines by severity.  

  • Own the responsible disclosure program and any bug bounty/researcher relationships, including embargo management, CVE issuance, and public security advisory publication.

  • Serve as the central coordination point during high/critical vulnerability events,  aligning Legal, Communications, Customer Success, and Engineering on response, customer notification, and regulatory disclosure obligations.

  • Maintain a closed feedback loop from PSIRT findings into Product Security's threat modeling, secure coding standards, pipeline security gates, and pen test processes: recurring vulnerability classes must directly inform these controls, not just get patched and closed.

AI Governance & Emerging Technology Security

  • Establish and mature Omnissa's security approach to AI and GenAI adoption, including guardrails, managed enterprise settings, and acceptable-use enforcement for AI tooling.

  • Partner with business and engineering stakeholders to assess and govern AI-related risk as new capabilities are introduced, ensuring controls keep pace with adoption.

  • Develop enterprise standards for secure AI usage and partner with Threat Management to define and support AI-related monitoring and detection requirements across the enterprise.

  • Evaluate and apply relevant AI risk and security frameworks (e.g., NIST AI RMF, OWASP LLM Top 10, ISO/IEC 42001) to guide model and pipeline risk assessments.

Partnership, Tooling & Vendor Management

  • Make partnership and collaboration with SaaS/product engineering teams a central, ongoing priority — engaging early in the development lifecycle to embed security, unblock teams, and reduce friction.

  • Lead security tool selection, proofs of concept, and vendor negotiations, optimizing for capability, cost, and integration across the stack.

  • Manage vendor relationships and ensure the security toolchain delivers measurable risk reduction.

Required Qualifications

  • 10+ years in information security, including 5+ years leading technical security teams (engineering, architecture, and/or Exposure/Vulnerability Management), preferably at global SaaS companies.

  • Experience building and operating enterprise identity security strategy, including IAM/PAM architecture, authentication standards, and identity threat detection.

  • Deep hands-on background across multiple domains: cloud and network security, endpoint/workload protection, Exposure/Vulnerability Management, and Product Security/SDLC.

  • Working knowledge of data governance principles (classification, residency, retention) and major compliance/regulatory frameworks — including GDPR, CCPA, and CMMC alongside those listed above; AI risk frameworks a plus.

  • Proven track record partnering with engineering teams at a global SaaS company to drive security outcomes through influence and collaboration rather than mandate.

  • Experience with the full risk lifecycle: risk assessment, requirements gathering, control design, tool selection, vendor negotiation, and remediation oversight.

  • Strong communication skills with the ability to influence executives and engineers alike.

  • Hands-on experience partnering with Product/Application Security teams to integrate security into SDLC and CI/CD pipelines

  • Practical experience with threat modeling methodologies  and driving secure-by-design outcomes at the architecture stage, before code is written.

  • Experience operating across a globally distributed team and supporting 24x7 service models.

Preferred Qualifications

  • Background at a B2B SaaS/cloud company preferred, given the enterprise customer, contractual, and regulatory context this role operates in.

  • Experience securing AI/GenAI technologies and establishing governance for their enterprise use.

  • Familiarity with modern security tooling such as CrowdStrike, Wiz, Tenable, Seemplicity, Recorded Future, Cribl, and Palo Alto / Panorama.

  • Relevant certifications (e.g., CISSP, CCSP, or equivalent).

What Success Looks Like

  • A clear, funded, multi-year strategy across all three pillars with measurable risk-reduction outcomes.

  • Security engaged as a trusted, early partner by SaaS and product teams, not a late-stage gate.

  • A mature, metrics-driven Exposure Management program with SLAs consistently met.

  • A defined and enforced AI governance posture that enables safe adoption at the pace the business needs.

Omnissa is an Equal Employment Opportunity company and Prohibits Discrimination and Harassment of Any Kind: 

The typical base salary for this role is between USD $178,000 – $296,700 per year and it may be eligible for participation in a corporate bonus program. Actual compensation offer may vary from posted hiring range based upon geographic location, work experience, education, skill level, or other relevant factors. In addition to competitive compensation, Omnissa offers a variety of benefits such as employee ownership, health insurance, 401k with matching contributions, disability insurance, paid-time off, growth opportunities, and more.


 
Omnissa is committed to the principle of equal employment opportunity and to providing a work environment free of discrimination and harassment. All employment decisions at Omnissa are based on business needs, job requirements and individual qualifications, without regard to race, color, religion, ancestry, ethnicity, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past, present, or prospective service in the uniformed services, family medical history or genetic information, family or parental status, veteran status, or any other status protected by applicable laws or regulations in the locations where we operate. Omnissa will not tolerate discrimination or harassment based on any of these characteristics. Omnissa welcomes applicants of all ages. Omnissa will provide reasonable accommodations to applicants and employees who have protected disabilities consistent with applicable federal, state and local law. 


This job requisition is not eligible for employment-based immigration sponsorship by Omnissa

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Related jobs

Other jobs at Omnissa

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.