Director, IT Security Operations

Job Location: Bridgewater, New Jersey, USA

Job Requisition ID: 15085

Join our global diversified pharmaceutical company enriching lives through our relentless drive to deliver better health outcomes to our patients. We are all in it together to make a difference. Be a part of a culture that doesn't just wait for change but actively creates it—where your skills and values drive our collective progress and impact.

The Director of IT Security Operations leads and continuously matures global security operations, overseeing the enterprise Security Operations Center (SOC), incident response, vulnerability management, and security monitoring across on-prem, cloud, and artificial intelligence (AI)-enabled platforms through a blend of internal teams and Managed Service Providers (MSPs). Accountable for timely, compliant detection and response—driving disciplined operations, measurable improvements, and threat-informed defenses that reduce risk. Success is measured by metrics such as mean time to detect (MTTD), mean time to respond (MTTR), containment time, vulnerability remediation SLA attainment, false-positive rate, and timely closure of audit findings.

This is a hybrid role based out of the Bridgewater NJ office (Tuesday, Wednesday, Thursday in office)

Key Responsibilities:

Security Operations & SOC Oversight

• Lead the 24x7x365 global SOC,consisting of internal staff and MSPs, including operating models, staffing, and service delivery.
• Set governance, service-level agreements (SLAs), metrics, and escalation paths for SOC services.
• Improve monitoring, alerting, and response across endpoints, networks, identity, software as a service (SaaS), and cloud; ensure consistent execution from triage through post-incident review.
• Own security information and event management (SIEM) and detection engineering strategy, including log onboarding, correlation, tuning, and integration with incident response (IR) workflows.
  
  

Incident Response Leadership

• Function as the escalation lead for major security incidents, e.g., intrusions, ransomware, malware, data exposure, Distributed Denial-of-Service (DDoS), insider risk, and third-party events.
• Coordinate response with IT, Legal, Human Resources, Privacy, Compliance, Communications, and external partners.
• Own and mature the Incident Response Program (policies, playbooks, exercises), ensuring thorough documentation, root-cause analysis, and corrective actions tracked to closure.
  
  

Vulnerability Management

• Own the enterprise vulnerability management program (governance, risk-based prioritization, remediation tracking, and reporting).
• Oversee vulnerability discovery across infrastructure, endpoints, applications, cloud, and third parties; partner with teams to drive timely remediation based on risk and exploitability.
• Provide executive visibility into risk posture, trends, and remediation effectiveness.
  
  

AI & Emerging Technology Security Operations

• Extend monitoring, IR, and vulnerability practices to AI-enabled platforms and services.
• Partner with Security Architecture, AI Governance, and Risk to ensure AI events (misuse, data leakage, model risks) are detectable and operationally manageable as capabilities evolve.
  
  

Governance, Risk & Audit Support

• Support audit readiness, regulatory compliance, and incident reporting with Governance, Risk, and Compliance (GRC), Privacy, Compliance, and Internal Audit.
• Align operations to frameworks, e.g., National Institute of Standards and Technology (NIST), ISO/IEC 27001/27002 (information security) and ISO/IEC 42001 (AI management system), Center for Internet Security (CIS) Controls, and implement tools/standards driven by operational findings and emerging risk.
  
  

Leadership & Communication

• Build strong partnerships across IT, Security, and business stakeholders; deliver executive-ready reporting on incidents, operational health, and risk trends.
• Develop and mentor security operations leaders, reinforcing accountability, resilience, and continuous learning.
  
  

Qualifications & Experience:

• 10 years in Information Technology with 5 years in security operations, including leading teams and MSPs
• Bachelor’s degree in IT, Computer Science, Security required
• Strong grasp of the threat landscape, incident investigation/root-cause analysis, and executive communication
• Working knowledge of frameworks and regulations, e.g., NIST, ISO/IEC, CIS Controls
• Experience operating in cloud, SaaS, and emerging technology environments, including AI-enabled platforms
• Certifications, e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), CompTIA Security , strongly preferred
  
  

The range of starting base pay for this role is 105K-145K. Actual starting pay will be based on a wide range of factors including, but not limited to, relevant skills, experience, qualifications, education and location. In addition to base pay, this position is eligible for participation in either (i) our annual bonus program or (ii) a sales incentive plan.

Benefits package includes comprehensive Medical (includes Prescription Drug), Dental, Vision, Flexible Spending Accounts, 401(k) with matching company contribution, 3-weeks paid time off plus paid sick time, stock purchase plan, tuition reimbursement, parental leave, short- and long-term disability, life insurance, accidental death & dismemberment insurance, 12 paid holidays (including floating holidays), employee referral bonuses and employee discounts.

\

We are an Equal Opportunity Employer. EOE Disability/Veteran. We are committed to building diverse teams, representative of the patients and communities we serve, and we strive to create an inclusive workplace that cultivates collaboration.