Join Abridge as Director of Security Operations - Defend the Future of Healthcare AI!
Abridge is on a mission to power deeper understanding in healthcare using cutting-edge AI. We transform patient-clinician conversations into structured clinical notes in real-time, revolutionizing clinical documentation and allowing clinicians to focus on what matters most: their patients. As pioneers in generative AI for healthcare, we're setting industry standards for responsible AI deployment across health systems.
Ready to lead the charge in securing the next generation of healthcare AI?
We're seeking a highly motivated and experienced Director of Security Operations to build, lead, and mature our 24/7 operational security posture. This is a pivotal leadership role where you'll spearhead multidisciplinary teams focused on preventing, detecting, analyzing, and responding to security threats across our entire enterprise – from corporate infrastructure to production environments. If you have a passion for security automation, threat intelligence integration, and a commitment to operational excellence, this is your opportunity to make a significant impact.
Reporting directly to the Chief Information Security Officer (CISO), you'll be at the forefront of protecting our innovative technology and the sensitive data of our healthcare partners.
Your Mission, Should You Choose to Accept It:
Strategic Leadership & Operational Excellence:
Craft the Vision: Define and continuously evolve the strategy, vision, and roadmap for the Security Operations function, aligning with business objectives and risk tolerance.
Manage the Fortress: Oversee the Security Operations budget, forecasting expenditures for security tools, managed service providers, and personnel.
Quantify the Impact: Define, track, and report on KPIs and security metrics such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), overall program effectiveness, true positives, total security events, security investigations, and alert fidelity.
Empower Your Team: Lead and mentor a growing, globally-distributed team, providing career development and regular performance feedback.
Core Security Operations Functions:
Threat Response Commander: Lead and manage the 24/7 threat detection and response function, overseeing incident triage, escalation, and coordination.
Digital Forensics Master: Lead technical investigations and digital forensics, establishing and maintaining digital forensics capabilities and chain-of-custody procedures.
Detection Engineering Architect: Oversee the lifecycle of detection-as-code, security alerts, rules, and logic. Drive the development and implementation of advanced threat detection content (e.g., SIEM correlation rules, EDR signatures) based on the MITRE ATT&CK framework.
Threat Intelligence Guru: Establish a formal Threat Intelligence program, including collection, analysis, enrichment, and dissemination of relevant threat information.
Security Infrastructure & Engineering:
Infrastructure Vanguard: Define the architecture, deployment, and optimization of core security infrastructure, including SIEM and SOAR platforms.
Automation Evangelist: Drive the development and implementation of security automation to reduce manual effort, increase operational speed, and enforce policy compliance.
Data Security Steward: Oversee security data engineering efforts, focusing on building and maintaining robust data pipelines, data lakes, and lakehouses for high-quality security event data.
Offensive Security & Enterprise Security:
Red Team General: Own the Red Team and Purple Team programs, overseeing penetration testing engagements and translating findings into actionable remediation plans.
Enterprise Security Architect: Lead the security architecture, engineering, and operations of the corporate IT infrastructure, including securing the SaaS ecosystem (SSPM), defining the authentication/authorization architecture, overseeing the Third-Party Risk Management (TPRM) program, IAM, endpoint security (EDR/XDR), email security, and network security controls (firewalls, zero-trust).
Physical Security / Life Safety:
Physical Security Guardian: Manage the physical security / life safety program for all corporate offices, including access control systems, video surveillance, and alarm monitoring.
Compliance Authority: Partner with Facilities/Real Estate and Ops teams to ensure all physical security measures align with local life safety codes and regulations.
International Security Liaison: Develop a travel policy and program that tracks and manages international travel, providing security protections and managing risk.
Crisis Management:
Crisis Commander: Lead the overall security response during major incidents and crises, serving as the senior security leader in cross-functional exercises and real-world events.
Communication Strategist: Develop and lead the strategy and execution for internal and external communication during high-severity security incidents.
Information Sharing Leader: Establish and maintain relationships for effective coordination with external entities, including regulatory bodies, law enforcement, and government-to-private-sector information-sharing groups.
What You'll Bring to the Table:
Experience: 10+ years of senior leadership experience in security, with 7+ years specifically in Security Operations, leading security teams, programs, or large-scale initiatives with a focus on threat detection engineering and incident response for a global SaaS company.
Business Acumen: Demonstrated experience running security as a business unit, including budget management, strategic forecasting, and translating technical risk into clear business impact (ROI) for executive leadership and the board.
Technical Depth: Deep technical expertise in operating and securing enterprise environments, including hands-on familiarity with SIEM/SOAR technologies and cloud security principles (GCP, AWS, or Azure).
Regulatory Knowledge: Proven experience operating in highly regulated industries, with strong knowledge of relevant security and privacy frameworks (e.g., NIST 800-53 / 800-171, FedRAMP, HIPAA, NIS2).
Communication: Exceptional communication and presentation skills, with the ability to convey complex security issues and operational risks to both technical teams and non-technical audiences, including executives, boards, customers, and government agencies.
Why Abridge?
We're not just building AI; we're building the future of healthcare. At Abridge, you'll:
Make a Real Impact: Your work will directly contribute to improving healthcare delivery and patient outcomes.
Work on Cutting-Edge Technology: Be at the forefront of generative AI in a rapidly evolving field.
Join a Passionate Team: Collaborate with a team of MDs, AI scientists, PhDs, creatives, technologists, and engineers who are driven to make a difference.
Grow Your Career: We're committed to supporting your professional and personal growth through ongoing learning opportunities and a supportive environment.
Perks & Benefits:
We take care of our team!
Generous Time Off: 14 paid holidays, flexible PTO for salaried employees, and accrued time off for hourly employees.
Comprehensive Health Plans: Medical, Dental, and Vision coverage for all full-time employees and their families.
Generous HSA Contribution: If you choose a High Deductible Health Plan, Abridge makes monthly contributions to your HSA.
Paid Parental Leave: Generous paid parental leave for all full-time employees.
Family Forming Benefits: Resources and financial support to help you build your family.
401(k) Matching: Contribution matching to help invest in your future.
Personal Device Allowance: Tax-free funds for personal device usage.
Pre-tax Benefits: Access to Flexible Spending Accounts (FSA) and Commuter Benefits.
Lifestyle Wallet: Monthly contributions for fitness, professional development, coworking, and more.
Mental Health Support: Dedicated access to therapy and coaching to help you reach your goals.
Sabbatical Leave: Paid Sabbatical Leave after 5 years of employment.
Compensation and Equity: Competitive compensation and equity grants for full-time employees.
... and much more!
Ready to be a part of something big? Apply now and help us secure the future of healthcare AI!
Abridge is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability.
Staying Safe - Protect Yourself from Recruitment Fraud
We are aware of individuals and entities fraudulently representing themselves as Abridge recruiters and/or hiring managers. Abridge will never ask for financial information or payment, or for personal information such as bank account number or social security number during the job application or interview process. Any emails from the Abridge recruiting team will come from an @abridge.com email address. You can learn more about how to protect yourself from these types of fraud by referring to this article. Please exercise caution and cease communications if something feels suspicious about your interactions.