Director, Security (Enterprise Security)

About The Position

Requirements

• Visionary Strategic Leadership: Proven ability to create a clear and compelling vision for the entire Enterprise Security function , effectively decompose the long-term strategy into goals, and communicate complex topics to executive stakeholders and the board.
• Enterprise Security Expertise: Extensive experience architecting and managing security programs for global, cloud-native organizations, including identity management, endpoint security, data protection, and SaaS governance in hybrid and remote environments.
• Identity and Access Governance: Advanced knowledge of zero-trust principles and hands-on experience building and optimizing IAM strategies across multi-cloud and multi-SaaS platforms to ensure effective, user-centric access control.
• Data Protection and Privacy Leadership: Demonstrated success developing robust corporate data security programs, including encryption, data loss prevention (DLP), and secure data lifecycle management, with a strong commitment to privacy and regulatory alignment.
• Organizational Influence & Partnership: Exceptional ability to influence across all relevant departments (IT, Engineering, Legal, People, Finance) to embed security best practices, mitigate organizational risk, and drive adoption of secure processes organization-wide.
• Team & Talent Ownership: Proven expertise in owning the hiring practices for the department, coaching managers , and developing high-performing, globally distributed teams, fostering a culture aligned to and promoting Databricks Culture Principles.
• Technological Innovation: In-depth understanding of emerging enterprise security technologies—including AI-driven threat intelligence, automation, and cloud security posture management—with a track record of leveraging technology to elevate security operations.
• Operational Excellence: Results-oriented approach in scaling enterprise security programs, leveraging analytics and automation to drive measurable efficiency, resilience, and business empowerment.
• Compliance and Industry Knowledge: Practical experience with relevant enterprise compliance standards such as SOC 2, ISO 27001, and FedRAMP, and success in operationalizing control frameworks in complex, cloud-centric organizations.
• Candidates must be eligible to obtain and maintain a U.S. government clearance at the Secret level or higher.

Nice To Haves

• Hyper-Growth Experience: Direct security leadership experience in hyper-growth SaaS or cloud companies is highly preferred, with an ability to adapt strategy and operations to ongoing business scale and transformation.

Responsibilities

• Strategic Partnerships and Influence: Own, develop, and drive the Enterprise Security vision, priorities, and OKRs by building deep, cross-functional partnerships —ensuring alignment across department leadership and the company's overall mission.
• Security Architecture and Design: Own the long-term strategic roadmap for enterprise security, ensuring the architecture anticipates future business needs, technical evolution, and resource investment strategies.
• Data Security and Governance: Lead the creation of robust data protection standards and processes that prioritize customer and employee trust, ensuring sensitive corporate data is managed responsibly and securely across SaaS and internal platforms.
• SaaS and Cloud Application Security: Embed security by design into the selection, integration, and management of business-critical SaaS and cloud applications—collaborating across teams to ensure solutions meet the highest standards of customer and enterprise protection.
• Endpoint Security and Workforce Enablement: Enable a culture of innovation and productivity by delivering an endpoint security program that is user-centric, scalable, and adaptable—protecting corporate systems without compromising speed or autonomy.
• System Hardening and Configuration Standards: Establish and maintain evidence-based STIGs and security baselines for corporate and SaaS environments, driving consistent security hygiene and enabling rapid, secure adoption of new technologies.
• Identity and Access Management: Champion a unified, data-driven IAM strategy that empowers secure and frictionless access to corporate resources, supporting Databricks’ global workforce and collaboration while aligning with zero-trust principles.
• Automation and Operational Maturity: Accelerate organizational maturity by leveraging automation, data-driven insights, and proactive budget/resource planning to optimize security processes, elevate response times, and drive measurable efficiency across the security function.