Sr. Director, Security Architecture and Operations
Description
CAQH
Position Summary:
The Sr. Director, Security Architecture and Operations is a strategic leader with extensive hands-on experience, responsible for designing, implementing, and governing enterprise security solutions across cloud and end-user environments.
This role is responsible for developing and maintaining a robust security architecture that safeguards user devices, collaboration platforms, productivity suites, identity systems, and core infrastructure. The goal is to ensure secure, resilient, and compliant security operations for all employees and business units.
The Sr. Director, Security Architecture and Operations leads a team of security analysts, engineers, and architects to promote the adoption of modern security frameworks, such as Zero Trust.
This position will be responsible for four primary functions:
The Sr. Director, Security Architecture and Operations is a full-time, remote, exempt position and reports to the CISO.
Base Salary Range: $220,000 - $240,000 annually.
Specific Responsibilities:
- Assist the CISO in setting strategy and operating a modern, risk-based security program, champion a cloud-first threat modeling methodology, and leverage CAQH's AI capabilities to increase consistency, coverage, and speed, while keeping expert human judgment at the core.
- Partner with Engineering, Product, Security, Compliance, and Technology to define patterns, standards, and guardrails that enable teams to build securely.
- Develop a cloud-first threat model and attack tree methodology; support engineers through pattern-led, pre-reviewed development plans.
- Deliver best-in-class, risk-based, human-led security review processes across services and products, from design through production.
- Define and govern secure-by-design architecture standards, reusable security patterns, and reference implementations for cloud-native services.
- Integrate security architecture into SDLC and platform workflows (design reviews, SDL gates, IaC, CI/CD), prioritizing automation and developer experience.
- Partner with Engineering, Product, Technology, Data, Privacy, and Compliance to mitigate risk, meet regulatory obligations, and improve resilience.
- Establish KPIs/OKRs (risk reduction, review SLAs, MTTR) and report progress and risk posture to leadership.
- Conduct and oversee high-impact architecture reviews and vendor/third-party security assessments; guide build-vs-buy decisions.
- Translate emerging threats and standards into actionable guidance (e.g., cloud, secrets, data protection).
- Drive incident learnings back into design and controls; ensure auditability and documentation for internal/external reviews.
- Champion responsible use of AI and data handling in security tooling and processes, aligned with CAQH's security, privacy, and compliance guidelines.
- Design and implement enterprise security architecture that aligns with business needs and regulatory compliance.
- Define and drive threat and vulnerability management strategies, proactively mitigating risks to infrastructure, applications, and data.
- Respond to incidents swiftly and decisively by building effective data paths from telemetry-generating services to the SIEM.
Supervisory Responsibilities:
Five (5) Information Security Team Members
Skills:
- Technical Depth: Expertise in cloud security, DevSecOps, EDR/XDR
- Incident Response: Demonstrated expertise in directing responses to advanced security breaches and incidents.
- Ability to present complex security topics to both technical and non-technical executives
- Team Leadership: Skilled in leading, developing, and managing teams.
Experience:
- 10 years in IT, including at least 3 years in a leadership position such as Director, V.P. or head of Security.
- Demonstrated expertise in overseeing Security Operations Center (SOC) activities, administering SIEM platforms, and managing relationships with managed service providers (MSPs) and vendors.
Education:
- Bachelor's degree preferred.
- Relevant industry certifications (CISSP, CISM, CCSP) preferred.
Equal Employment Opportunity/M/F/disability/protected veteran status