[Remote] Senior Director Cybersecurity Operations and Risk

Note: The job is a remote job and is open to candidates in USA. UNFI is seeking a Senior Director of Security Operations and Risk to lead their defensive security strategy and operational execution. The role involves overseeing the security operations center, vulnerability management, and governance, risk, and compliance to enhance the organization's security posture.

Responsibilities

• Develop and implement a multi-year roadmap for Defensive Security that aligns SecOps, Vulnerability Management, and GRC objectives with the organization's corporate risk priorities, security architecture, and evolving business needs
• Act as the main point of contact for defensive security metrics, delivering clear, data-driven insights on threat of resilience and residual risk to the CISO and executive leadership
• Oversee the lifecycle of security policies and standards, ensuring compliance, technical enforceability, and practicality for the business. Ensure that streamlined processes and comprehensive runbooks are established
• Direct 24/7 SOC operations to deliver best-in-class monitoring, advanced threat detection, proactive analysis, dynamic threat hunting, and rapid incident response
• Manage escalations of anomalous activities, vulnerabilities, and major cyber events by ensuring swift triage, coordinated response efforts, and consistent alignment with goals
• Advance protection and detection capabilities by leveraging cutting-edge analytics, automation, innovative engineering, and recognized cybersecurity architectural best practices
• Create an inclusive, high-performance environment that supports continuous learning and career development for security analysts, engineers, and risk professionals
• Implement of retention and succession plans to address the pressures and burnout risks common in high-tempo defensive operations
• Foster a culture of transparency and accountability, empowering team members to proactively identify and address systemic security weaknesses
• Direct proactive threat hunting, red-team simulations, and tabletop exercises to validate incident response readiness and uncover hidden architectural gaps
• Maintain continuous audit readiness by automating compliance evidence collection to support seamless internal and external reviews without unexpected issues
• Inspire high-performing teams and cultivate workforce excellence
• Performs other duties as assigned

Skills

• Bachelor's degree in computer science, information systems or related field
• At least 1 industry recognized data, compliance, and/or cybersecurity certification
• 12+ years in cybersecurity with a focus in security operations, monitoring, detection, investigation, and threat intelligence
• 5+ years in a leadership position overseeing and leading a security operations program
• More than 5 years of hands-on experience with risk management frameworks (such as NIST CSF, ISO 27001, and FAIR), with a focus on data-driven risk beyond basic compliance
• Experience in managing complex third-party relationships, including auditing service provider performance against SLAs and ensuring high-fidelity alerting
• Experience in leading a team, identifying skill gaps and creating career paths
• Demonstrated success leading enterprise-wide vulnerability management programs, emphasizing risk-based prioritization and cross-departmental remediation workflows
• Proven incident commander experience, with the ability to lead high-pressure response efforts and clearly communicate impact to executive leadership and legal counsel
• Incident Orchestration & Resilience: Experience leading strategic responses to high-impact security events, prioritizing business continuity and long-term remediation
• Strategic Security Governance: Expertise in scaling Governance, Risk, and Compliance (GRC) frameworks across business units to address changing regulatory and industry standards
• Next-Generation Architecture: In-depth knowledge of Zero Trust and SASE frameworks, with a focus on replacing legacy VPN environments
• Emerging Tech Governance: Understanding of risks and security requirements for agentic AI workflows and autonomous entities
• Executive Risk Communication: Ability to translate complex technical vulnerabilities and architectural changes into clear, business-focused narratives for Board and executive stakeholders
• Strategic Vendor & MSSP Management: Proficient in managing Managed Security Service Providers (MSSPs) and large-scale SaaS vendors to ensure alignment with strategic KPIs
• Data Security & Privacy Leadership: Ability to develop and implement data protection strategies that comply with policies, standards, controls, and regulations
• Organizational Transformation: Ability to lead large-scale cultural shifts toward security-first practices while maintaining operational efficiency and developer productivity
• Metrics-Driven Performance Management: Ability to define and report on maturity-based security metrics that demonstrate program ROI and risk reduction to senior leadership
• Good judgment is required for this position as there may be times when direct supervision may not be immediately available

Benefits

• Paid Time Off
• Sick Time
• Paid holidays and parental leave
• 401K Program
• Medical, dental, vision, life, and accidental death/dismemberment insurance
• Short-term and long-term disability insurance program
• Flexible Spending Account and/or Health Savings Account, subject to meeting the eligibility requirements and the terms and conditions of these programs, and subject to any requirements under applicable collective bargaining agreements

Company Overview

Company H1B Sponsorship