Head of Security Operations

About the Role

• Lead and manage the Security Operations Center (SOC) (internal and/or external MSSP), ensuring 24/7 security monitoring, incident detection, response, and escalation processes.
• Develop and execute the security operations strategy, policies, and response playbooks, to include integrated third-party response and notification procedures.
• Oversee real-time monitoring and analysis of security events from multiple data sources to detect and respond to threats.
• Lead all aspects of incident response, including investigation, containment, remediation, and root cause analysis.
• Develop and execute a cyber intelligence program to deliver an intelligence-driven and risk-prioritized security program (awareness/technologies/controls) and identification of key risks to the business.
• Lead and enhance the Attack Surface Management (ASM) program to continuously identify, assess, and minimize external and internal exposures.
• Establish and maintain ASM governance, policies, standards, and procedures.
• Ensure the regular scanning, assessment, prioritization, and remediation of security vulnerabilities across the environment (application, infrastructure, cloud, API, etc.).
• Collaborate with external threat intelligence sources, law enforcement, and government/industry organizations (e.g., FS-ISAC) to stay updated on evolving threats, vulnerabilities, and TTPs (tactics, techniques, and procedures).
• Develop and maintain metrics, dashboards, and reports on SOC performance, attack surface exposure, and vulnerability management outcomes for senior leadership and the board.
• Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security operations controls and processes.
• Conduct security drills, tabletop exercises, and red/blue team assessments to test and improve operational readiness.
• Manage, in coordination with Security Architecture & Engineering, the security technology stack, including SIEM, SOAR, ASM tools, IDS/IPS, EDR, DLP, and vulnerability scanning platforms.
• Lead the SecOps team, including outsourced/contract support resources, fostering continuous growth, cross-training, and process optimization.
• Other duties as assigned.

Who You Are

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field is preferred.
• 8+ years of experience in Information Security, with at least 5 years focused on Security Operations and Vulnerability Management.
• 3+ years of leadership or management experience in Security Operations.
• Strong experience in healthcare or digital health is preferred.
• Experience working in a high growth company is required.
• Applicable certifications a plus (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH)).
• Deep expertise in security operations, cyber intelligence, threat detection, incident response, attack surface management, and vulnerability management.
• Strong understanding of cyber threat landscape, attack vectors, security technologies, and defensive tactics.
• Familiarity with regulatory frameworks (HIPAA, HITRUST, NIST CSF).
• Excellent leadership and communication skills with the ability to engage technical and non-technical stakeholders, including senior executives and the board.
• Excellent organizational and documentation skills.
• Ability to effectively collaborate and communicate with business partners, customers, third parties, and regulatory agencies.
• Analytical and problem-solving abilities with a proactive, risk-based approach.
• Strategic thinking and the ability to align security risks and initiatives with business objectives.
• Detail-oriented with a strong focus on operational excellence and regulatory compliance.
• Strong customer service orientation.
• Adaptability to handle dynamic and challenging environments.
• Energetic, resourceful, and appropriate work intensity to get the work done.
• Strong people acumen and relationship skills.