Senior Director, Security Development and Operations

Why Ryan?

• Hybrid Work Options
• Award-Winning Culture
• Generous Personal Time Off (PTO) Benefits
• 14-Weeks of 100% Paid Leave for New Parents (Adoption Included)
• Monthly Gym Membership Reimbursement OR Gym Equipment Reimbursement
• Benefits Eligibility Effective Day One
• 401K with Employer Match
• Tuition Reimbursement After One Year of Service
• Fertility Assistance Program
• Four-Week Company-Paid Sabbatical Eligibility After Five Years of Service

The Senior Director, Security Development and Operations will provide strategic leadership and oversight of the organization's integrated security program, encompassing proactive threat management, secure software development practices, incident response, and team development. This leader will be instrumental in evolving the firm's security posture by refining incident response playbooks, championing a robust Secure Software Development Life Cycle (SDLC), and ensuring a proactive threat hunting and penetration testing regimen. Additionally, they will design and track key performance indicators (KPIs) and metrics to continually assess and enhance the effectiveness of the security operations and development programs. The Senior Director will work cross-functionally with engineering, IT, compliance, and product teams to embed security at every layer of the organization's technology stack and culture.
Duties and responsibilities, as they align to Ryan's Key Results

People:

Team Leadership and Development:

• Lead, mentor, and grow a high-performing team of security practitioners, including engineers, analysts, and architects, fostering a culture of continuous learning and collaboration.
• Provide guidance and hands-on training to elevate team capabilities in penetration testing, incident response, and threat hunting.
• Identify skill gaps, promote professional development, and ensure alignment of security team activities with organizational goals.

Client:

Security Controls and Solutions Management:

• Develop and maintain foundational security controls and solutions, including Endpoint Detection and Response (EDR), SIEM platforms, Email Security systems, and Cloud Security controls.
• Evaluate, select, and optimize security technologies to ensure comprehensive threat coverage, alignment with regulatory requirements, and cost-effective risk reduction.
• Collaborate with stakeholders to ensure solutions integrate seamlessly with existing infrastructure and workflows.

Value:

Secure SDLC and Architecture:

• Partner with engineering, product, and IT teams to design and maintain a robust Secure SDLC, embedding security controls and checks throughout the development pipeline.
• Review and refine security architecture to ensure that applications and infrastructure adhere to best practices and industry standards.
• Integrate automated security testing, code analysis, and vulnerability scanning into development workflows to minimize risk and accelerate secure code delivery.

Incident Response and Threat Management:

• Oversee the continuous improvement of incident response playbooks and processes, ensuring efficient, repeatable workflows for detecting and addressing security incidents.
• Direct proactive threat hunting initiatives, leveraging threat intelligence, advanced analytics, and tooling to identify and mitigate risks before they can be exploited.
• Guide the implementation of remediation strategies and assess their efficacy against emerging threats.

Penetration Testing and Security Assessments:

• Establish and evolve a formal penetration testing program, ensuring the use of recognized methodologies (e.g., OWASP, PTES) and industry-standard tools.
• Ensure the team remains current on penetration testing best practices, regularly assessing critical systems, applications, and infrastructure.
• Oversee the documentation and presentation of penetration testing findings, including recommended remediation steps and timelines.

Metrics, KPIs, and Reporting:

• Define, implement, and regularly review KPIs and metrics to quantify the effectiveness and maturity of security operations, development practices, and threat management efforts.
• Communicate program performance and trends to executive leadership, along with data-driven recommendations for continuous improvement.
• Maintain transparency and accountability by delivering clear, concise reports that highlight progress, challenges, and opportunities.

Other Threat Management Duties as assigned

Education and Experience:

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field; Master's degree preferred.
• 12+ years of progressive experience in cybersecurity, including leadership roles overseeing SOC operations, secure development practices, and proactive threat management.
• Demonstrated success in guiding teams through complex security initiatives and maturing security programs.

Computer Skills:

• Strong proficiency in both Microsoft Windows and Linux operating systems.
• Ability to write and understand code and scripting languages (e.g., Python, Bash, PowerShell) for automation, tooling integration, and validation of security controls.
• Understanding of common penetration testing methodologies and primary security assessment tools (e.g., Nmap, Metasploit, Burp Suite).
• Knowledge of foundational security controls (EDR, SIEM, Email Security gateways, Cloud Security platforms) and their strategic deployment.
• Familiarity with regulatory frameworks, compliance standards (e.g., NIST CSF 2.0, SOC2), and industry best practices.

Certificates and Licenses:

• CISSP, OSCP, CEH, GCIH, or similar certifications preferred.
• Valid driver's license required.

Supervisory Responsibilities:

• This position will have supervisory responsibilities, overseeing multiple security team members and functions.

Equal Opportunity Employer: disability/veteran