Director of Security Operations

What You’ll Do

Reporting to the VP of Engineering, you will work closely with our Director of Privacy to design, implement, and operate the practical elements of our security posture. This includes areas like device management (MDM), authentication and access management, security-focused observability, and related tooling programs.

This is a hands-on role. Our security team is intentionally lean, so you’ll be directly involved in implementation, configuration, and ongoing operation, with support from our DevOps team when needed.

We’re looking for someone pragmatic and solution-oriented, able to design and implement strong, secure protocols that protect the business while still enabling us to move fast.

You’ll also support compliance efforts and customer-facing security needs, including audit preparation, security questionnaires, and occasional sales conversations where a security presence is helpful.

The role’s key responsibilities are listed below:

• Propose, implement, and configure practical security tooling and systems across:
• Cloud security (AWS environments, workload protection, misconfiguration detection)
• Identity & access management (SSO, MFA, access lifecycle)
• Endpoint security & device management (MDM)
• Logging, monitoring, and detection pipelines
• Partner with DevOps and development teams to embed security into CI/CD pipelines and infrastructure workflows
• Collaborate with the Director of Privacy on compliance, audits, and related activities (providing technical implementation and evidence support)
• Assess vendors and recommend build vs. buy decisions for security tools, with ownership of implementation and ongoing operation
• Operate, monitor, and continuously improve security systems and tooling, including alert tuning, vulnerability remediation follow-through, and system reliability
• Support customer security questionnaires and sales conversations as needed

What We’re Looking For:

• You thrive in a hands-on, fast-moving startup environment
• You have experience personally designing, implementing, and operating security tooling and controls
• You have working knowledge across core security domains, such as:
• Cloud / infrastructure security (AWS preferred)
• Identity and access management
• Endpoint / device management
• Detection & monitoring / observability
• Vulnerability management
• You have experience supporting compliance efforts and audits, including producing or validating technical evidence
• You have hands-on experience with SOC 2 and ISO 27001 (or similar) compliance frameworks
• You’re confident engaging with customers on security topics when needed
• You’re a clear communicator who can translate security concepts for technical and non-technical audiences
• You have a high level of professionalism and discretion

Additional Job Info:

• This position is for an existing vacancy
• This role is focused on direct execution and ownership; candidates who prefer primarily managing vendors or delegating implementation may not find this role a fit.

What Success Looks Like

• You own and operate security systems directly, not through delegation
• You deliver measurable improvements in detection quality, vulnerability remediation, and system reliability
• You establish yourself as a trusted execution partner to Engineering, DevOps, and Privacy
• You produce clean, reusable audit evidence with minimal overhead
• You make security predictable, scalable, and low friction across the organization

30 Days — Foundation & Visibility

• Build a strong understanding of Forma’s AWS environment, security tooling, CI/CD workflows, IAM model, detection setup, and vulnerability management process.
• Establish working relationships with DevOps, Engineering, Privacy, and key security stakeholders.
• Begin hands-on contribution by triaging alerts, reviewing vulnerabilities, validating remediation status, and identifying quick configuration improvements.
• Document gaps in visibility, tooling, processes, and immediate opportunities to reduce risk or noise.

60 Days — Ownership & Execution

• Take ownership of vulnerability management, detection operations, alert tuning, and response workflows.
• Independently investigate alerts, drive remediation with engineering teams, validate fixes, and close issues fully.
• Improve detection coverage, reduce false positives, address logging gaps, and introduce high-value automation where appropriate.
• Strengthen IAM and access lifecycle processes, including reducing privilege creep and unused access.
• Support audits and compliance by producing reliable technical evidence and validating control effectiveness.

90 Days — Optimization & Impact

• Fully own and operate security tooling, detection systems, vulnerability management, and incident response execution.
• Deliver measurable improvements in remediation timelines, alert quality, system reliability, and security coverage.
• Embed security into engineering workflows through CI/CD controls, automation, and practical guardrails.
• Establish repeatable processes for audit evidence, incident documentation, monitoring, and reporting.
• Build credibility as a trusted, hands-on security operator and partner to Engineering, DevOps, and Privacy.