Director, Security Operations

We're hiring our first dedicated IT leader to own company‑wide infrastructure, security, operations, and strategy. This role combines high‑level planning with hands‑on execution in a growing, fast‑moving environment.

Key Responsibilities

• Own the company's IT roadmap, governance framework, and technology standards.
• Serve as the senior IT leader and primary point of contact for executives, partners, vendors, and the MSP.
• Build business cases, evaluate options, and present clear recommendations to leadership.
• Establish IT portfolio management to prioritize and track technology initiatives.
• Manage IAM, endpoint management, device management, SaaS administration, and collaboration platforms (e.g., M365, SharePoint).
• Oversee full system lifecycle management using strong SDLC practices.
• Identify and close infrastructure, process, and systems gaps proactively.
• Manage networking and office technology needs.
• Lead information security strategy, tooling, policies, and ongoing risk management.
• Build and maintain a GRC framework, including BC/DR planning and incident readiness.
• Ensure controls and documentation for regulated, validated, and audit‑relevant systems (including ITGC requirements).
• Oversee security solutions such as email security, endpoint protection, and security awareness platforms.
• Manage MSP performance, escalations, SLAs, evaluations, and renewals.
• Oversee SaaS vendor relationships, contracts, and renewals.
• Build and lead processes for evaluating, approving, and governing AI tools.
• Develop AI usage policies with business, legal, and compliance stakeholders.
• Track emerging technologies to support operational efficiency and scalability.
• Partner with Operations, Finance, Legal, R&D, and other teams to ensure IT systems support business needs.
• Translate complex technical topics into clear, actionable guidance for non‑technical stakeholders.

Experience

• 8-12+ years of progressive IT experience, including senior leadership at a company of similar size/stage.
• Proven ability to lead IT end‑to‑end - strategy, execution, and hands‑on operations.
• Strong InfoSec and GRC background; experience building frameworks, BC/DR programs, and security policies.
• Experience with validated/regulated systems and ITGC or audit‑relevant controls.
• Hands‑on expertise with M365, SharePoint, IAM platforms, endpoint management, and SaaS administration.
• Experience managing and holding an MSP or outsourced IT team accountable.
• Industry experience in life sciences, healthcare, or another regulated environment preferred.

Preferred

• Experience working across multiple entities or parent/subsidiary structures.
• Cloud security familiarity (e.g., Azure, GCP) and ability to support developer/data teams.
• Experience with AI tool governance.
• Exposure to R&D, clinical, or specialized operational systems.

Who You Are

• A builder and a doer who is equally effective in strategic planning and hands‑on problem solving.
• Someone with an ownership mindset who proactively identifies and closes gaps.
• Comfortable navigating ambiguity and creating structure where needed.
• A clear, confident communicator who earns trust across teams.
• Data‑driven, decisive, and skilled at presenting tradeoffs and recommendations.
• Energized by a small, high‑impact environment where your work is highly visible.