Director, Enterprise Vulnerability Management

We are seeking a seasoned cybersecurity leader to own and mature our Enterprise Vulnerability Management (VM) function. This role is accountable for identifying, prioritizing, communicating, and driving remediation of vulnerabilities across infrastructure, cloud, and application environments. 

The ideal candidate blends deep technical expertise with strong leadership and influence, enabling them to work effectively across Product and Platform Engineering, IT, Cloud, and Senior Leader stakeholders. This role leads teams responsible for infrastructure vulnerability management and application security and serves as a key partner in reducing enterprise cyber risk through measurable outcomes. 

This is a critical role within the Cyber organization reporting to the CISO and will regularly interface company leadership and technical teams. This role must have strong communication and collaboration skills to work with Global cross-functional teams and stakeholders.  

What you’ll be doing:  

• Set the enterprise strategy for enterprise vulnerability management, ensuring risk-based identification, prioritization, and remediation across infrastructure, applications, cloud, and third-party environments 

• Lead and mature the vulnerability management program, establishing governance, standards, and operating models aligned to business risk and regulatory expectations 

• Partner with product and platform engineering, IT, Cloud, and senior leaders to drive timely remediation and embed secure-by-design practices into development and operational workflows 

• Oversee vulnerability management tooling, automation, and integrations, ensuring scalability, accuracy, and operational efficiency 

• Incorporate threat intelligence, exploitability, and business context to drive executive-level risk prioritization and decision-making 

• Define and track program metrics and OKRs, providing clear, actionable reporting to senior leadership and on exposure, trends, and risk reduction progress 

• Ensure alignment with relevant regulatory, audit, and compliance requirements while minimizing operational friction 

• Build, mentor, and lead a high-performing geographically diverse vulnerability management team, fostering accountability, continuous improvement, and strong cross-functional collaboration 

• Lead the adoption of Blackbaud’s enterprise cybersecurity policies, standards, and risk management frameworks within India, ensuring alignment with global cybersecurity governance and regulatory expectations while addressing local operating realities 

What you'll bring:  

• 15 years of relevant professional experience and a minimum of 10 years’ experience as a people manager 

• 10+ years of experience in cybersecurity, with significant focus on Vulnerability Management, Application Security, or Threat & Vulnerability Management 

• Proven ability to prioritize risk, influence without authority, and drive remediation outcomes 

• Experience communicating complex security issues to non‑technical and executive audiences 

• Experience in a SAFe or other agile methodology preferred 

• Ability to deliver work which meets all minimum standards of quality, security, and operability 

• Strong hands‑on knowledge of: 

• Vulnerability scanning and management platforms 

• Application security testing (SAST, DAST, SCA, penetration testing) 

• Cloud and infrastructure security concepts 

• Demonstrated experience leading security teams through transformation and poses a global workforce mindset 

• Experience operating in distributed and cloud‑first environments 

• Experience integrating vulnerability management into CI/CD pipelines and automation workflows  

• Familiarity with PCI DSS, security hardening benchmarks, and enterprise frameworks and best practices 

• Exposure to Artificial Intelligence (AI) capabilities for software development and security