Director, IT and Cybersecurity Operations

Role Summary

The IT and Cybersecurity Operations Director will report to Vera’s Head of Core Technology and Cybersecurity and will be responsible for tasks related to the operations and engineering of Core Technology (infrastructure) and cybersecurity. This role leads the Help Desk team and the cybersecurity operations center and collaborates with other IT and business partners.

Responsibilities

• Lead day-to-day system operations:
• Help Desk team
• Field Depot and Field Help Desk team
• Cybersecurity Operations Center
• Ensure the reliable and secure operations of the company’s IT core systems and infrastructure, including desktops, servers, printers, network, telecommunications and conference room AV.
• Ensure new employees and contractors have a positive onboarding experience and that proper off-boarding steps and controls related to IT and business functions are taken (e.g. SOX, GxP controls and processes).
• Define and maintain functional OKRs and metrics for core tech and cybersecurity systems.
• Identify opportunities for changes to reduce operating costs while maintaining a positive user experience.
• Maintain IT budget and support budget processes.
• Perform capacity planning and management exercises to ensure performance is in line with organizational needs.
• Foster a cybersecurity aware culture. Act as an evangelist for security awareness. Collaborate with cross-functional teams to embed cybersecurity best practices into all IT organizational processes.
• Support the adoption of an ITSM solution.
• Support relationships with business partners to ensure business requirements are captured and addressed.
• Contribute to core technologies and cybersecurity strategic roadmap and support and lead the selection and adoption of new technologies that will be part of the Core Tech and Cybersecurity stacks.
• Maintain relationships with key Core Tech and Cybersecurity partners ensuring agreed-upon SLAs are met.
• Lead incident response activities (cyber and operational) including root cause analysis, remediation recommendations, and complete lessons-learned documentation.
• Oversee Disaster Recovery program, ensuring integrity and reliability of system backups, restorability, and IT disaster preparedness.
• Enable teams to ensure timely delivery of project initiatives, through planning, hands-on work, and external vendor management.
• Perform third-party security and privacy risk assessments for new solutions being brought in to support the business, Core Tech and Cybersecurity.
• Develop and maintain SOPs and work instructions related to Core Tech and Cybersecurity processes and technology.
• Develop and maintain solution architectures that ensure key security and business systems are appropriately secured and monitored (e.g. AWS, Azure monitoring).
• Develop clear, concise communications for stakeholders regarding new initiatives, IT policies, rollouts, threats, and incidents.
• Support compliance requirements such as SOX, GDPR, GxP by working with IT and business partners to understand and implement required technical controls.

Qualifications

• Bachelor’s degree in computer science, Information Security, or related field, with 10+ years of experience with a demonstrated increase of responsibilities and scope including leading and managing a team of direct reports (FTEs and contractors). Strong ability to prioritize work efforts balancing business needs, risk, user experience, etc.
• Proven experience running Microsoft 365 environments and common tool sets, help desk services and team management, user onboarding and device deployment, ITSM and change management.
• Proven experience with incident response, vulnerability management, identity provider, data security / data loss prevention, SIEM, PAM.
• Strong understanding of network, cloud management and cloud security concepts, including VPNs, SASE, firewalls, identity and access management (IAM), and secure architecture for cloud platforms such as AWS and Azure. Familiarity with cloud-native security services such as AWS GuardDuty, Security Hub, Azure Security Center.
• Experience developing and maintaining IT and security policies (e.g. BYOD) procedures, and configuration baselines; familiarity with frameworks such as NIST, CIS, or ISO 27001.
• Ability to support incident investigations, perform root cause analysis, and contribute to remediation and prevention measures.
• Strong written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences and work effectively across teams. Experience documenting policies and procedures.
• Self-motivated with a strong ability to operate in a start-up environment.
• Strong project management skills and ability to work to deadlines successfully managing multiple business-driven initiatives.

Education

• Bachelor’s degree in computer science, Information Security, or related field.