Director Security Operations

The Director of (Cyber) Security Operations is a cyber leadership role responsible for establishing, directing, and continuously maturing the organization's security operations capabilities to detect, prevent, respond to, and recover from cybersecurity threats and incidents. This role provides strategic and operational leadership across security monitoring, incident detection and response, threat intelligence, vulnerability operations, logging and telemetry management, and security operations tooling. The Director partners closely with infrastructure, cloud, application, architecture, legal, privacy, compliance, and business stakeholders to ensure operational security capabilities are aligned with enterprise risk priorities, regulatory obligations, and business resiliency requirements. The role is accountable for building and leading a high-performing operations team, defining operational procedures and escalation protocols, driving continuous improvement through automation and metrics, and ensuring the organization can rapidly identify and address cyber events in a manner that protects systems, data, customers, and business operations.

WHAT YOU'LL BE DOING:

• Lead the strategic direction, operating model, and maturity roadmap for the security operations function, including monitoring, detection, response, and operational resilience activities.
• Oversee security operations center (SOC) capabilities, whether internal, outsourced, or hybrid, and ensure monitoring coverage for critical enterprise, cloud, endpoint, identity, network, and application environments.
• Direct the end-to-end incident response lifecycle, including triage, investigation, containment, eradication, recovery, escalation, and post-incident lessons learned.
• Establish and maintain operational processes, standard operating procedures, escalation criteria, and playbooks for security events, incidents, and crisis situations.
• Lead and improve vulnerability operations in partnership with infrastructure, engineering, and application teams, including prioritization, remediation oversight, exception handling, and reporting.
• Manage and optimize core detection and response technologies such as SIEM, SOAR, EDR/XDR, case management, threat intelligence, email security, and related operational tooling.
• Drive detection engineering, use-case development, alert tuning, and automation initiatives to improve fidelity, reduce noise, and accelerate response times.
• Coordinate with legal, privacy, compliance, human resources, communications, and executive leadership during significant cybersecurity incidents and investigations.
• Support digital forensics, threat hunting, and root cause analysis efforts as needed for material incidents or suspicious activity.
• Partner with security architecture, engineering, and IT operations teams to improve control effectiveness, close operational gaps, and strengthen preventive and detective capabilities.
• Lead service reviews and performance oversight for managed security service providers, technology vendors, and other external partners supporting operational security functions.
• Coach, develop, and performance-manage analysts, engineers, and operational leaders while fostering a resilient, accountable, and continuously improving team culture.

YOU'VE GOT WHAT IT TAKES IF YOU HAVE/ARE:

• 10+ years of progressive experience in cybersecurity, information security, or related technology roles.
• 5+ years of leadership experience in security operations, incident response, threat detection, or a comparable cyber operations function.
• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, Engineering, or a related field; or equivalent combination of education and relevant professional experience.
• Demonstrated experience leading security monitoring and incident response programs in a mid-sized or large enterprise environment.
• Experience managing or overseeing SOC operations, including internal teams, managed security service providers, or hybrid operational models.
• Experience leading significant cybersecurity incidents, investigations, and post-incident remediation efforts.
• Experience with vulnerability operations, remediation governance, and security operations tooling strategy and optimization.
• Experience developing operational metrics, executive dashboards, and performance reporting for leadership audiences.
• Experience managing technical teams, vendors, and cross-functional stakeholders in support of enterprise security objectives.

EXPERIENCE/EDUCATION PREFERRED:

• Master's degree in Cybersecurity, Information Assurance, Computer Science, Business Administration, or a related discipline.
• Professional certifications such as CISSP, CISM, GIAC, GCIA, GCIH, or other relevant security operations, incident response, or leadership credentials.
• Experience in SaaS, cloud-native, highly regulated, or customer-facing technology environments.
• Experience aligning operational practices to recognized frameworks or standards such as NIST CSF, NIST SP 800-61, ISO 27001, CIS Controls, SOC 2, PCI DSS, HIPAA, or other applicable requirements.
• Experience building or maturing detection engineering, threat hunting, digital forensics, or crisis management capabilities.
• Experience supporting customer-facing security reviews, external audits, or regulatory examinations involving operational controls.