Director, (Cyber) Security Operations

Bertelsmann

$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of experience in cybersecurity or related tech roles
  • 5+ years in security operations leadership or incident response
  • Bachelor's degree in Cybersecurity, Information Security, or a related field
  • Proven track record in leading security monitoring and incident response programs
  • Experience managing security operations center (SOC) operations
  • Background in vulnerability operations and security tooling optimization
  • Capability to develop operational metrics and executive performance reporting

Responsibilities

  • Lead the strategic direction for the security operations function
  • Oversee security operations center (SOC) capabilities and monitoring coverage
  • Direct the incident response lifecycle from triage to recovery
  • Establish operational processes and standard procedures for security events
  • Improve vulnerability operations in collaboration with tech teams
  • Manage and enhance core detection and response technologies
  • Drive detection engineering and automation initiatives

Benefits

  • Opportunity to work in a collaborative environment
  • Professional development through regular manager interactions
  • In-office work requirement approximately 40 days per quarter in Morrisville, NC
  • Potential for involvement in shaping security strategies
  • Engagement with diverse cross-functional stakeholders

Full Job Description

Job Description

The Director of (Cyber) Security Operations is a cyber leadership role responsible for establishing, directing, and continuously maturing the organization's security operations capabilities to detect, prevent, respond to, and recover from cybersecurity threats and incidents. This role provides strategic and operational leadership across security monitoring, incident detection and response, threat intelligence, vulnerability operations, logging and telemetry management, and security operations tooling. The Director partners closely with infrastructure, cloud, application, architecture, legal, privacy, compliance, and business stakeholders to ensure operational security capabilities are aligned with enterprise risk priorities, regulatory obligations, and business resiliency requirements. The role is accountable for building and leading a high-performing operations team, defining operational procedures and escalation protocols, driving continuous improvement through automation and metrics, and ensuring the organization can rapidly identify and address cyber events in a manner that protects systems, data, customers, and business operations.

WHAT YOU'LL BE DOING:
• Lead the strategic direction, operating model, and maturity roadmap for the security operations function, including monitoring, detection, response, and operational resilience activities.
• Oversee security operations center (SOC) capabilities, whether internal, outsourced, or hybrid, and ensure monitoring coverage for critical enterprise, cloud, endpoint, identity, network, and application environments.
• Direct the end-to-end incident response lifecycle, including triage, investigation, containment, eradication, recovery, escalation, and post-incident lessons learned.
• Establish and maintain operational processes, standard operating procedures, escalation criteria, and playbooks for security events, incidents, and crisis situations.
• Lead and improve vulnerability operations in partnership with infrastructure, engineering, and application teams, including prioritization, remediation oversight, exception handling, and reporting.
• Manage and optimize core detection and response technologies such as SIEM, SOAR, EDR/XDR, case management, threat intelligence, email security, and related operational tooling.
• Drive detection engineering, use-case development, alert tuning, and automation initiatives to improve fidelity, reduce noise, and accelerate response times.
• Coordinate with legal, privacy, compliance, human resources, communications, and executive leadership during significant cybersecurity incidents and investigations.
• Support digital forensics, threat hunting, and root cause analysis efforts as needed for material incidents or suspicious activity.
• Partner with security architecture, engineering, and IT operations teams to improve control effectiveness, close operational gaps, and strengthen preventive and detective capabilities.
• Lead service reviews and performance oversight for managed security service providers, technology vendors, and other external partners supporting operational security functions.
• Coach, develop, and performance-manage analysts, engineers, and operational leaders while fostering a resilient, accountable, and continuously improving team culture.

Qualifications

YOU'VE GOT WHAT IT TAKES IF YOU HAVE/ARE:
• 10+ years of progressive experience in cybersecurity, information security, or related technology roles.
• 5+ years of leadership experience in security operations, incident response, threat detection, or a comparable cyber operations function.
• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, Engineering, or a related field; or equivalent combination of education and relevant professional experience.
• Demonstrated experience leading security monitoring and incident response programs in a mid-sized or large enterprise environment.
• Experience managing or overseeing SOC operations, including internal teams, managed security service providers, or hybrid operational models.
• Experience leading significant cybersecurity incidents, investigations, and post-incident remediation efforts.
• Experience with vulnerability operations, remediation governance, and security operations tooling strategy and optimization.
• Experience developing operational metrics, executive dashboards, and performance reporting for leadership audiences.
• Experience managing technical teams, vendors, and cross-functional stakeholders in support of enterprise security objectives.

EXPERIENCE/EDUCATION PREFERRED:
• Master's degree in Cybersecurity, Information Assurance, Computer Science, Business Administration, or a related discipline.
• Professional certifications such as CISSP, CISM, GIAC, GCIA, GCIH, or other relevant security operations, incident response, or leadership credentials.
• Experience in SaaS, cloud-native, highly regulated, or customer-facing technology environments.
• Experience aligning operational practices to recognized frameworks or standards such as NIST CSF, NIST SP 800-61, ISO 27001, CIS Controls, SOC 2, PCI DSS, HIPAA, or other applicable requirements.
• Experience building or maturing detection engineering, threat hunting, digital forensics, or crisis management capabilities.
• Experience supporting customer-facing security reviews, external audits, or regulatory examinations involving operational controls.

Additional Information

IN OFFICE REQUIREMENT:

Relias values collaboration and wants to ensure that our team members have opportunities to work with their managers regularly for professional development. This role requires that you live in the state of North Carolina, within a commutable distance to our office. You would be expected to work in our Morrisville, NC Headquarters approximately 40 days/quarter.
