Head of Security Operations

About The Position

Requirements

• You have a proven track record (10+ years) leading or heavily involved in security operations in a technology or SaaS environment, ideally with regulated data (healthcare, life sciences, or similarly regulated).
• You are comfortable operating in ambiguity and high-stakes contexts, making decisions under pressure and prioritizing response.
• You have experience in incident response and understand the communication chain and evidence collection process
• You understand multiple clouds (AWS, GCP, etc), containers, data-platform threat surfaces, and can translate technical risk into business-impact language.
• You can build and run metrics-driven security operations, define processes and workflows, and move from reactive to proactive/resilient models.
• You can communicate effectively with senior leadership and cross-functional stakeholders.
• You hold yourself accountable for operational excellence and continuous improvement of security posture.
• Bachelor's degree (or equivalent experience) in computer science, cybersecurity, engineering, or similar.
• 10+ years in security operations, incident response, or security engineering roles; 3+ years in a leadership role.
• Deep experience with security monitoring/detection tools (SIEM, SOAR, EDR/XDR), cloud security operations (AWS, GCP, Azure), threat hunting,and incident response.
• Proven success in establishing or scaling SOC/SecOps functions.
• Strong understanding of security operations metrics, incident lifecycle, root-cause analysis, and remediation.
• Familiarity with regulatory/compliance environments tied to healthcare or data-sensitive industries.

Nice To Haves

• Certifications such as CISSP, CISM, GIAC (GCIA, GCIH), or equivalent.
• Experience specifically in SaaS, healthcare, or clinical data security operations.
• Experience in AI/ML-centric organizations or securing AI/ML pipelines.
• Experience building remote/distributed security teams.
• Prior experience with compliance frameworks is a plus (HIPAA, HITRUST, ISO 27001, SOC2).

Responsibilities

• Develop and own the security operations strategy: define missions, objectives, KPIs, service levels, and a road-map for detection, response, monitoring, and operations.
• Build, lead, and scale the security operations team: SOC/SecOps analysts, threat hunters, response engineers; define roles, hiring, training, and leadership.
• Oversee real-time security monitoring, detection, triage, investigation, and containment of incidents across cloud, infrastructure, product, clinical data pipelines, and end-user interfaces.
• Perform tabletop and DR/BR scenarios
• Define incident response playbooks, run-books, escalation paths, crisis communication, post-mortem mechanics, and lessons-learned cycles specific to regulated health-AI contexts.
• Manage security tooling and architecture for operations: SIEM, SOAR, threat intel platforms, cloud-native logging/alerting, automation of response.
• Embed security operations practices into product and engineering life cycles: collaborate with product security, devops, data science, and clinical operations to integrate detection/response capabilities.
• Work with GRC to establish vendor/third-party risk monitoring for security operations: ensure that outsourced services, clinical-data vendors, and cloud providers meet operational security expectations.
• Maintain readiness for audits, compliance, and regulatory demands (HIPAA-adjacent, healthcare data, AI-governance) as operations scale.
• Liaise with other functional leads (GRC, privacy, product, legal) to ensure alignment of security operations with governance and compliance frameworks.