Security Compliance Architect Workstation Patching and Remediation

Summary: The Security Compliance Architect for Workstation Patching and Remediation is responsible for leading the Patch Compliance Engineering team, overseeing patching toolsets, and managing vendor relationships. This role involves strategic oversight, compliance reporting, and driving continuous improvement in patching processes. The architect will also focus on proactive remediation, advanced reporting, and active patching execution across enterprise environments. Strong leadership and technical skills in endpoint security and vulnerability remediation are essential for success in this position.

Key Responsibilities:

• Provide strategic oversight of the Patch Compliance Engineering team, including task prioritization, technical direction, and remediation governance
• Serve as Product Owner for patching toolsets and lead coordination with internal teams and external vendors
• Approve and oversee large-scale patching jobs across global endpoint fleets, ensuring operational readiness and alignment with risk priorities
• Develop and implement continuous improvement strategies to streamline tooling, reporting, and remediation processes
• Manage vendor relationships for patch tooling and remediation platforms
• Act as a liaison to key teams including Cybersecurity, VMS, Global Infrastructure, SCCM-OSD, LPN, and Intune-Autopilot
• Drive regular executive reporting on compliance status, risk posture, and roadmap initiatives
• Proactive Remediation: Auto-update enablement for third-party and end-of-life software, attack surface reduction strategies, implementation of controls to block known bad software from reintroduction
• Advanced Reporting & Analysis: Patch applicability and gap analysis using Qualys, trend tracking and compliance history, coordination with CXO/Contact Center teams to identify reimage candidates
• Active Patching Execution: Mastery of enterprise toolsets to manage patch lifecycle across categories including Vulnerability Reporting, Windows OS Patching, Microsoft Office Patching, and Third-Party Application Patching
• Build and configure baseline patch packages, pre-/post-patch scripting, and automation workflows
• Optimize query logic and targeting in tooling to reduce deployment failures and improve accuracy

Key Skills:

• 10+ years of experience in endpoint security, vulnerability remediation, or IT compliance in large-scale enterprise environments
• Strong expertise with SCCM, Microsoft Intune, Windows Autopatch, and third-party patching tools such as PatchMyPC, Nexthink, and Qualys VMDR
• Proven ability to lead or oversee patch engineering teams, including performance coaching and remediation governance
• Advanced scripting skills (e.g., PowerShell, Python) and automation best practices
• Hands-on experience with vulnerability platforms such as Qualys for prioritization and reporting
• Excellent communication and reporting skills with the ability to engage and brief executive leadership
• Strong track record of process optimization and cross-functional collaboration
• Experience at Big 4 firms, global consulting organizations, or large regulated enterprise environments (preferred)
• Familiarity with GenAI or automation frameworks for improving patch workflows or security posture (preferred)
• Knowledge of GRC frameworks such as NIST, ISO 27001, or CIS Controls (preferred)
• Experience with SCCM-to-Intune modernization programs and endpoint lifecycle management (preferred)
• Familiarity with enterprise reimaging, OS deployment, and vulnerability management workflows (preferred)

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT