Exec Director, Cyber Defense Operations

Job Description: 

The Executive Director of Defense Operations, within the Cyber Defense organization, is responsible for defining and executing a multi‑year, enterprise‑wide strategy for the Security Operations Center and the Computer Security Incident Response Team functions.

This role provides executive leadership for 24x7 security operations capability, ensuring rapid identification, containment, and remediation of cyber threats while continuously advancing the maturity, scalability, and effectiveness of detection and response programs. This role necessitates ability to rapidly triage and categorize remediation efforts, effective dissemination of tasks to pertinent business and technology units, and is a reliable source of understanding the scope and implication (business and/or compliance) of unfolding events. 

This leader sets the long‑term vision and operating model for security operations, integrating threat intelligence, threat hunting, automation, orchestration, and advanced analytics to improve outcomes at enterprise scale, while driving pertinent alignment and relationships with colleague executives in the business lines within CVS. 

The Executive Director drives the adoption of leveraged agentic, autonomous and automation capabilities to enhance anomaly detection, threat modeling, remediation triage and predictive response. Partnering closely with business, technology, legal, compliance, and executive stakeholders, this role ensures security operations align with business objectives, regulatory requirements, and evolving threat landscapes. In addition, the Executive Director mentors senior leaders, develops high‑performing global teams, and delivers executive‑level insights, metrics, and strategic guidance that strengthen organizational resilience. 

Responsibilities: 

• Develop, maintain and execute the enterprise-wide detection and response program aligned with Cyber Defense, larger business objectives, and regulatory requirements. 

• Develop, own and maintain the enterprise Detection and Response Maturity Model, Strategy, Roadmap and Operating Model. 

• Lead and mentor a team of Triage, Detection Engineers, Threat Hunters, and Incident Response professionals, fostering a culture of continuous improvement and operational excellence. 

• Strategize with senior leaders across Product, Engineering, and Security. You are a key stakeholder in the company's direction, advocating for the telemetry and architectural changes required to support future detection use cases. 

• Serve as the Incident Commander for major security incidents, coordinating technical teams and executive leadership 

• Develop innovative and cutting-edge detection content aligned with ATT&CK, ATLAS, D3FEND and various other cyber security frameworks 

• Identify and surface patterns to leadership regarding root causes of problems. You anticipate future challenges and own the delivery of solutions before they become bottlenecks. 

• Ensure tracking of OKRs aligned to maturity models, defining, tracking and reporting on KPIs and KRIs to track operational and strategic improvements 

• Partner with threat intelligence, other security teams to enhance detection and response capabilities. 

• Act as a liaison with legal, compliance, and public relations during high-impact incidents. 

• Provide executive-level briefings and actionable insights to senior leadership. 

• Drive automation and orchestration initiatives to improve operational efficiency. 

• Monitor emerging threats and adapt operations, tactics, and strategies accordingly. 

• Lead tabletop exercises and other simulations to validate readiness. 

Required Qualifications:  

• 15+  years of experience in cybersecurity with 8 years in a leadership role managing global detection and response, threat hunting, or security operations teams. 
• Experience developing and executing a long-term strategic vision for security operations at an enterprise scale. 
• Experience leveraging automation and orchestration (i.e., SOAR) to improve the efficiency and effectiveness of a security operations center (SOC). 
• Experience with the application of AI and Machine Learning (AI/ML) on security data for anomaly detection, threat modeling, and predictive security. 

• Experience managing a globally distributed 24/7 security operations team. 

• Experience defining and driving a multiyear strategy for threat detection and response. 

• Strong understanding of security frameworks, risk management, and incident response 

• Deep understanding of people, process, technologies of successful cybersecurity program 

• Strong leadership and people management skills 

• Strong project management and time management skills 

• Proficient in analyzing operational data and creating visualizations and reports 

• Strong communicator, verbal and written, with presenter skills 

Education 
Bachelor's degree required or demonstration of specialized training in the areas of SOC / CSIRT military or like-structured methodology 

Advanced Degree preferred ; technical certifications in advanced management of security incident and remediation will be considered.