Job Description:

The Executive Director ofDefenseOperations, within the Cyber Defense organization, is responsible for defining and executing a multiyear, enterprisewide strategy forthe Security OperationsCenter andthe Computer Security Incident Response Team functions.

This role provides executive leadership for 24x7 security operations capability, ensuring rapid identification, containment, and remediation of cyber threats while continuously advancing the maturity, scalability, and effectiveness of detection and response programs.This role necessitates ability to rapidly triage and categorizeremediation efforts, effective disseminationof tasksto pertinent business and technologyunits, andis a reliable source of understanding the scope and implication (business and/or compliance) of unfolding events.

This leader sets the longterm vision and operating model for security operations, integrating threat intelligence, threat hunting, automation, orchestration, and advanced analytics to improve outcomes at enterprise scale, while driving pertinent alignment and relationships with colleague executives in the business lines within CVS.

The Executive Director drives the adoption ofleveraged agentic,autonomous and automation capabilities to enhance anomaly detection, threat modeling,remediation triageand predictive response. Partnering closely with business, technology, legal, compliance, and executive stakeholders, this role ensures security operations align with business objectives, regulatory requirements, and evolving threat landscapes. In addition, the Executive Directormentorssenior leaders, develops highperforming global teams, and delivers executivelevel insights, metrics, and strategic guidance that strengthen organizational resilience.

Responsibilities:

• Develop, maintainand execute the enterprise-widedetection and responseprogram aligned withCyber Defense, largerbusiness objectives,and regulatory requirements.

• Develop, own and maintain the enterpriseDetection and Response Maturity Model, Strategy,Roadmap andOperatingModel.

• Lead and mentor a team ofTriage, Detection Engineers, Threat Hunters, and IncidentResponse professionals, fostering a culture of continuous improvement and operational excellence.

• Strategize with senior leaders across Product, Engineering, and Security. You are a key stakeholder in the company's direction, advocating for the telemetry and architectural changes required to support future detection use cases.

• Serve as theIncident Commander formajor security incidents, coordinating technical teams and executive leadership

• Develop innovative and cutting-edge detection content aligned with ATT&CK, ATLAS, D3FENDand various other cyber security frameworks

• Identify and surface patterns to leadership regarding root causes of problems. You anticipate future challenges and own the delivery of solutions before they become bottlenecks.

• Ensure tracking of OKRs aligned to maturity models, defining, tracking and reporting on KPIs and KRIs to track operational and strategic improvements

• Partner with threat intelligence, other security teams to enhance detection and response capabilities.

• Act as a liaison with legal, compliance, and public relations during high-impact incidents.

• Provide executive-level briefings and actionable insights to senior leadership.

• Drive automation and orchestration initiatives to improveoperationalefficiency.

• Monitor emerging threats and adaptoperations, tactics, and strategiesaccordingly.

• Lead tabletop exercises andothersimulations to validate readiness.

RequiredQualifications:

• 15+ years of experience in cybersecurity with 8 years in a leadership role managing global detection and response, threat hunting, or security operations teams.
• Experience developing and executing a long-term strategic vision for security operations at an enterprise scale.
• Experience leveraging automation and orchestration (i.e., SOAR) to improve the efficiency and effectiveness of a security operations center (SOC).
• Experience with the application of AI and Machine Learning (AI/ML) on security data for anomaly detection, threat modeling, and predictive security.

• Experience managing a globally distributed 24/7 security operations team.

• Experience defining and driving a multiyear strategy for threat detection and response.

• Strong understanding ofsecurity frameworks, risk management, and incident response

• Deep understanding of people, process, technologies of successful cybersecurity program

• Strongleadershipand people managementskills

• Strong project management and time management skills

• Proficient in analyzing operational data and creatingvisualizationsand reports

• Strong communicator, verbal and written, withpresenterskills

Education
Bachelor'sdegreerequired or demonstration ofspecialized trainingin the areas of SOC / CSIRT military or like-structured methodology

Advanced Degreepreferred;technical certifications in advanced management of security incident and remediation will be considered.