Director of Security Operations

Security Operations Leadership

• Own end-to-end security operations including SOC, monitoring, and detection capabilities
• Oversee SIEM, EDR, and logging programs to ensure effective threat detection and response
• Manage internal and third-party security operations providers (e.g., MSSP)
• Continuously improve alert quality, detection coverage, and operational efficiency

Incident Response & Event Management

• Act as technology incident commander for security events and incidents
• Lead operational response including triage, containment, eradication, and recovery
• Ensure incidents are managed in accordance with established procedures and SLAs
• Escalate critical and high-risk incidents to the CISO with clear analysis and recommendations
• Lead post-incident reviews and drive continuous improvement actions

Vulnerability Management

• Own the operational lifecycle of vulnerability management including scanning, prioritization, and remediation tracking
• Ensure adherence to defined remediation timelines and SLAs
• Coordinate penetration testing activities and validation of remediation efforts
• Provide visibility into vulnerability risk and remediation progress

Threat Detection & Monitoring

• Oversee logging and monitoring programs to ensure comprehensive visibility across the environment
• Drive development and tuning of detection use cases and alert logic
• Ensure effective integration of threat intelligence into detection and response processes

Phishing & Threat Response Operations

• Oversee operational response to phishing and email-based threats
• Ensure timely triage, analysis, and mitigation of reported phishing activity
• Partner with the Manager, Information Security on phishing trends and control improvements

Operational Control Effectiveness

• Ensure security controls are operating effectively across monitoring, incident response, vulnerability management, and access enforcement
• Identify control gaps, breakdowns, or inefficiencies and drive remediation
• Escalate systemic control issues and risks to the CISO and Technology Risk

Metrics, Reporting & Continuous Improvement

• Develop and maintain operational metrics and KPIs (e.g., MTTR, vulnerability SLAs, alert volumes)
• Provide regular reporting on security operations performance and risk trends
• Identify opportunities to improve automation, tooling, and processes

Collaboration & Leadership

• Lead and mentor security operations personnel
• Partner with Infrastructure, Engineering, DevSecOps, and Technology teams to implement and improve controls
• Support audits, regulatory assessments, and evidence requests related to security operations

• Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience)
• 7+ years of experience in cybersecurity, with a focus on security operations, incident response, or SOC leadership
• Experience managing security monitoring, SIEM, and incident response programs
• Strong understanding of vulnerability management and threat detection
• Experience operating in regulated environments (PCI, FFIEC, or similar)
• Strong leadership, communication, and decision-making skills

• Experience managing or partnering with MSSPs or outsourced SOC providers
• Experience with cloud security (AWS preferred)
• Familiarity with MITRE ATT&CK framework and detection engineering practices
• Relevant certifications (e.g., CISSP, GCIA, GCIH, CISM)

• Security incidents are detected and responded to quickly and effectively
• Vulnerabilities are remediated within defined SLAs
• Alert quality improves and false positives decrease over time
• Security operations processes are efficient, scalable, and well-documented
• Stakeholders have clear visibility into operational security risk
• Security controls are operating effectively with minimal audit findings