Omnissa
See how your profile stacks up against this role.
We compared the job requirements to your profile to show where you're strong and where you fall short.
Job Description:
Job Description
We are Omnissa!
Omnissa is the first AI-driven digital work platform, built to support flexible, secure, work-from anywhere experiences. We integrate industry-leading solutions—including Unified Endpoint Management, Virtual Apps and Desktops, Digital Employee Experience, and Security & Compliance—into a seamless, autonomous workspace that adapts to how people work. Our platform boosts employee engagement while optimizing IT operations, security, and cost.
Guided by our Core Values—Act in Alignment, Build Trust, Foster Inclusiveness, Drive Efficiency, and Maximize Customer Value—we’re growing rapidly and committed to delivering meaningful impact. If you're passionate about shaping the future of work, we’d love to hear from you.
Director, Security Architecture, Vulnerability Management and Response
Reports to: Chief Information Security Officer (CISO)
Location: AMER (ATL or MV is preferred - Remote-for the right candidate)
Role Summary
Omnissa is seeking a Director, Security Architecture, Vulnerability Management and Response to set and drive the strategy for three tightly integrated security functions: Security Architecture, Vulnerability Management, and Vulnerability Response (PSIRT). This leader leads the technical security capabilities that protect Omnissa's infrastructure, applications, and services across on-premises and cloud environments, and is accountable for the full lifecycle of risk, from identification through mitigation and verified remediation. This role works in close partnership with Product Security and engineering leadership to align shared standards for secure development and vulnerability response, rather than operating as a separate or overlapping function.
This is a hands-on leadership role for someone who can balance long-range strategy with day-to-day operational excellence, build deep partnerships across the business, and lead a distributed team of senior engineers and architects. As Omnissa expands its use of AI across the enterprise, this role also carries responsibility for shaping the security and governance posture around emerging AI/GenAI technologies.
Key Responsibilities
Strategy & Leadership
Set the multi-year strategy and roadmap aligned to Omnissa's risk appetite and business objectives.
Lead, mentor, and grow a globally distributed team of senior security engineers and architects across AMER and APAC.
Serve as the senior escalation point for design conflicts and remediation prioritization decisions, and for security incidents surfaced through the vulnerability response (PSIRT) process.
Represent the function to executive leadership, translating technical risk into business terms and reporting on posture, progress, and investment needs.
Security Architecture
Partner with all lines of business to establish security standards, perform architecture and design reviews, and embed security into every stage of design and implementation.
Drive security framework development, hardening standards, and policy adherence across the enterprise.
Conduct risk assessments and requirements gathering for new infrastructure, products, and services, ensuring controls are defined before deployment.
Partner closely with Product Security and engineering to define security architecture requirements across the SDLC and CI/CD ecosystem, including threat modeling, architecture standards, SAST, DAST, software composition analysis, secrets detection, and artifact/image signing, ensuring security controls are built into development and deployment workflows from design through release.
Drive secure-by-design practices across the enterprise, reference architectures, secure design patterns, and paved-road templates that make the secure path the default path for engineering teams, reducing reliance on after-the-fact review.
Oversee threat modeling for new architectures, major features, and significant changes, partnering with IT, Product Security, and Engineering, to identify design-stage risk before implementation begins.
Define and maintain Omnissa's enterprise identity security strategy and standards, spanning workforce and non-human identities, including AI agents, and API-level access, authentication (SSO, MFA, phishing-resistant methods), authorization, privileged access, and identity governance, across on-premises and cloud environments, partnering with IT, who own and operate the underlying IAM tooling.
Partner with IT and engineering to drive adoption of modern identity architecture (e.g., Zero Trust access principles, just-in-time/just-enough access, federation standards) that scales to AI-driven and non-human identity growth across enterprise and product-facing systems.
Align security architecture, hardening standards, and control design with applicable frameworks: SOC 2, ISO 27001, NIST CSF/800-53, PCI, HIPAA, and FedRAMP; supporting control evidence and audit readiness in partnership with Compliance/GRC.
Partner with data owners, Legal, and Privacy to define data classification, residency, retention, and disposal standards, including for data used in AI/GenAI training, fine-tuning, and retrieval — and ensure security architecture enforces them across on-prem, cloud, and AI/ML pipelines
Exposure/Vulnerability Management
Own the end-to-end Exposure Management program, the tooling, scanners, processes, and SLAs that identify, prioritize, and remediate risk across all environments.
Continuously monitor, prioritize, and report on vulnerabilities, providing remediation guidance to system and product owners and driving accountability to closure.
Govern the program in alignment with Omnissa's Vulnerability Management Policy and Standards.
Ensure Exposure/Vulnerability Management SLAs and remediation accountability apply uniformly across infrastructure, cloud, and product/application codebases.
Vulnerability Response (PSIRT)
Own the enterprise PSIRT strategy, partnering with the team on intake, triage, and coordinated response for vulnerabilities in Omnissa products and services, whether reported externally (researchers, customers, bug bounty) or discovered internally.
Define and enforce SLAs for triage time, severity scoring, and remediation timelines by severity.
Own the responsible disclosure program and any bug bounty/researcher relationships, including embargo management, CVE issuance, and public security advisory publication.
Serve as the central coordination point during high/critical vulnerability events, aligning Legal, Communications, Customer Success, and Engineering on response, customer notification, and regulatory disclosure obligations.
Maintain a closed feedback loop from PSIRT findings into Product Security's threat modeling, secure coding standards, pipeline security gates, and pen test processes: recurring vulnerability classes must directly inform these controls, not just get patched and closed.
AI Governance & Emerging Technology Security
Establish and mature Omnissa's security approach to AI and GenAI adoption, including guardrails, managed enterprise settings, and acceptable-use enforcement for AI tooling.
Partner with business and engineering stakeholders to assess and govern AI-related risk as new capabilities are introduced, ensuring controls keep pace with adoption.
Develop enterprise standards for secure AI usage and partner with Threat Management to define and support AI-related monitoring and detection requirements across the enterprise.
Evaluate and apply relevant AI risk and security frameworks (e.g., NIST AI RMF, OWASP LLM Top 10, ISO/IEC 42001) to guide model and pipeline risk assessments.
Partnership, Tooling & Vendor Management
Make partnership and collaboration with SaaS/product engineering teams a central, ongoing priority — engaging early in the development lifecycle to embed security, unblock teams, and reduce friction.
Lead security tool selection, proofs of concept, and vendor negotiations, optimizing for capability, cost, and integration across the stack.
Manage vendor relationships and ensure the security toolchain delivers measurable risk reduction.
Required Qualifications
10+ years in information security, including 5+ years leading technical security teams (engineering, architecture, and/or Exposure/Vulnerability Management), preferably at global SaaS companies.
Experience building and operating enterprise identity security strategy, including IAM/PAM architecture, authentication standards, and identity threat detection.
Deep hands-on background across multiple domains: cloud and network security, endpoint/workload protection, Exposure/Vulnerability Management, and Product Security/SDLC.
Working knowledge of data governance principles (classification, residency, retention) and major compliance/regulatory frameworks — including GDPR, CCPA, and CMMC alongside those listed above; AI risk frameworks a plus.
Proven track record partnering with engineering teams at a global SaaS company to drive security outcomes through influence and collaboration rather than mandate.
Experience with the full risk lifecycle: risk assessment, requirements gathering, control design, tool selection, vendor negotiation, and remediation oversight.
Strong communication skills with the ability to influence executives and engineers alike.
Hands-on experience partnering with Product/Application Security teams to integrate security into SDLC and CI/CD pipelines
Practical experience with threat modeling methodologies and driving secure-by-design outcomes at the architecture stage, before code is written.
Experience operating across a globally distributed team and supporting 24x7 service models.
Preferred Qualifications
Background at a B2B SaaS/cloud company preferred, given the enterprise customer, contractual, and regulatory context this role operates in.
Experience securing AI/GenAI technologies and establishing governance for their enterprise use.
Familiarity with modern security tooling such as CrowdStrike, Wiz, Tenable, Seemplicity, Recorded Future, Cribl, and Palo Alto / Panorama.
Relevant certifications (e.g., CISSP, CCSP, or equivalent).
What Success Looks Like
A clear, funded, multi-year strategy across all three pillars with measurable risk-reduction outcomes.
Security engaged as a trusted, early partner by SaaS and product teams, not a late-stage gate.
A mature, metrics-driven Exposure Management program with SLAs consistently met.
A defined and enforced AI governance posture that enables safe adoption at the pace the business needs.
Omnissa is an Equal Employment Opportunity company and Prohibits Discrimination and Harassment of Any Kind:
The typical base salary for this role is between USD $178,000 – $296,700 per year and it may be eligible for participation in a corporate bonus program. Actual compensation offer may vary from posted hiring range based upon geographic location, work experience, education, skill level, or other relevant factors. In addition to competitive compensation, Omnissa offers a variety of benefits such as employee ownership, health insurance, 401k with matching contributions, disability insurance, paid-time off, growth opportunities, and more.
Omnissa is committed to the principle of equal employment opportunity and to providing a work environment free of discrimination and harassment. All employment decisions at Omnissa are based on business needs, job requirements and individual qualifications, without regard to race, color, religion, ancestry, ethnicity, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past, present, or prospective service in the uniformed services, family medical history or genetic information, family or parental status, veteran status, or any other status protected by applicable laws or regulations in the locations where we operate. Omnissa will not tolerate discrimination or harassment based on any of these characteristics. Omnissa welcomes applicants of all ages. Omnissa will provide reasonable accommodations to applicants and employees who have protected disabilities consistent with applicable federal, state and local law.
This job requisition is not eligible for employment-based immigration sponsorship by Omnissa
After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.
Marcus Rivera
Chief Revenue Officer

Omnissa

Great American Insurance Company

NEXIS Builds

Forcepoint

GHX

Omnissa

Omnissa

Omnissa