Senior Manager, Security Operations

Reporting to the Senior Manager, Security and partnering with Engineering, the Manager, Security Operations will own the application security management functions including vulnerability management, penetration testing, threat modeling and secure application design. This is a full time position that is fully remote.

What you’ll be doing: 

• Build and lead a global SecOps function (people, process, tech), including hiring plans, on-call rotations, and MSSP governance; publish a multi-year SecOps roadmap. 
• Detection engineering & threat-led defense: roadmap for detections, adversary emulation
• Familiarity with AI risk, security and safety. Help prepare the org to operate an ISO/IEC 42001 AI management system 
• Regulatory-grade incident response: lead enterprise incidents, exec/Board comms, postmortems, and regulator/customer notifications for HIPAA/GDPR; coordinate forensics and eDiscovery. 
• Healthcare posture: ensure HITRUST control implementation and audit readiness; map SecOps controls to payer/provider customer requirements. 
• Metrics & maturity: define NIST Cyber Security Framework aligned maturity targets; publish quarterly risk and performance reports.
• Mentor and guide security engineers, fostering professional growth and development through one-on-ones, coaching and real-time feedback
• Collaborate closely with cross-functional teams, consulting on security requirements and ensuring timely, high-quality delivery

What success looks like in this role:

• Reduced Mean Time To Detect, Mean Time To Respond, Mean Time To Contain
• Decreased False Negative Rate for security alerts
• Improved coverage of monitoring tools
• Commitment to team development
• Define and drive security related KPIs, including detection engineering, alert precision, and detection coverage
• Incident readiness: perform regular tabletops, training sessions, and incident postmortem after actions
• Meet SLAs for patching and incident response. Backlog burn-down based on risk
• Foster relationships with other internal teams as well as MSSP vendors

What we expect from you: 

10-14 years of information security experience in a fast-moving, high growth environment, with 4-6 years leading a SecOps / SOC or IR teams

• Have a demonstrated track record of building high-quality security programs and cross-functional collaboration within a highly regulated environment
• Own a 24×7 global SOC (in-house + MSSP) with follow-the-sun coverage; set detection strategy, playbooks, and budgets; report risk and response posture to execs/Board. 
• Integrate AI risk into SecOps: stand up controls and monitoring aligned to the NIST AI RMF and plan toward ISO/IEC 42001 certification/readiness for AI-enabled or AI-developed features. 
• Healthcare + international compliance at scale: align SecOps with HIPAA/HITECH/HITRUST, SOC 2, ISO 27001, GDPR/UK GDPR, and data-residency requirements; partner with Privacy/Legal on cross-border incident handling and DPAs. (Representative healthcare and HITRUST-heavy job specs show these expectations at senior levels.) 
• Security engineering leadership at breadth: drive detection engineering, EDR/XDR, cloud (multi-cloud) controls, identity/PAM, vuln mgmt, purple-team program, and crisis management/tabletops. (Common in senior SOC roles.)
• Desired Skills:
• AWS cloud security / architecture
• Identity / IAM / access management
• Data Loss Prevention
• SASE solutions
• EDR solutions
• SIEM management
• Terraform or other infrastructure as code
• Excellent written and verbal communication skills
• Nice to Have
• Security or Compliance related certifications, such as CISM, CRISC, CGEIT, CCISO, etc
• Google Workspace administration experience
• Okta administration experience

The target base salary range for this position is $179,100 - $218,550 and is part of a competitive total rewards package including stock options and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually using Radford Global Compensation Database at minimum to ensure competitive and fair pay. 

Note: We have even more benefits than listed here and below, your recruiter will provide more in-depth information as you continue in the interview process. Benefits are subject to individual plan requirements and eligibility criteria.

• Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type.
• Employer sponsored 401(k) match of up to 2% for retirement planning
• A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
• We offer competitive paid time off policies including vacation, sick leave and company holidays.
• At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents.
• Access to Noom, a weight management program—based in psychology, that’s tailored to your unique needs and goals. 
• Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
• Access to Wellhub,  which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription
• Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care
• Up to $1,000 Professional Development Reimbursement a year.
• $200 per year donation matching to support your favorite causes.