Director, Security Operations

<p>Squarespace is seeking a skilled and detail-oriented leader to help with the Security team daily operations. You will report directly to the VP of Security / CISO and partner with teams throughout the organization to iteratively improve our security posture and programs. You will also lead the implementation of new security programs.</p> <p>This role will be based in our NY headquarters and hybrid (3x week).</p> <h2 data-pm-slice="1 1 []">You'll Get To…</h2> <h2>Strategic Programmatic:</h2> <ul> <li>Contribute to define, collect, and analyze security KPIs and KRIs for the security organization.</li> <li>Mentor and support more associate team members</li> <li><strong>Develop and implement a comprehensive security operations strategy and roadmap</strong> aligned with Squarespace's overall our goals and risk appetite. This goes beyond just "implementing new security programs" to encompass a holistic vision.</li> <li><strong>Oversee the Security Operations Center (SOC) activities</strong>, including threat detection, monitoring, analysis, and proactive hunting, ensuring 24/7/365 coverage as appropriate.</li> <li><strong>Establish and maintain a robust incident response program</strong>, including defining incident playbooks, leading major incident investigations, and conducting post-incident reviews to drive continuous improvement.</li> <li><strong>Manage and enhance the vulnerability management program</strong>, from identification and assessment to prioritization and remediation tracking across all Squarespace assets.</li> <li><strong>Lead efforts in security architecture review and design consultation</strong> for new products, features, and infrastructure changes to ensure security is built-in from the outset.</li> <li><strong>Identify, evaluate, and implement new security technologies and tools</strong> to enhance detection, prevention, and response capabilities.</li> <li><strong>Drive continuous improvement of security operations processes</strong> through automation, tooling, and best practices.</li> <li><strong>Stay abreast of emerging security threats, vulnerabilities, and industry trends</strong> and proactively advise leadership on necessary adjustments to strengthen Squarespace's security posture.</li> <li><strong>Contribute to the development and enforcement of security policies, standards, and guidelines</strong> across the organization.</li> </ul> <h2>Leadership Collaboration:</h2> <ul> <li><strong>Build, mentor, and lead a high-performing team of security professionals</strong>, fostering a culture of continuous learning, collaboration, and accountability. This explicitly states the "building" aspect of a team.</li> <li><strong>Act as a key liaison and trusted advisor to internal stakeholders</strong> (e.g., Engineering, Product, Legal, Compliance, IT) on security-related matters.</li> <li><strong>Manage relationships with external security vendors and partners</strong>, ensuring effective service delivery and technology adoption.</li> <li><strong>Oversee security compliance activities</strong> related to relevant regulations (e.g., GDPR, PCI-DSS) and frameworks (NIST, ISO 27001), ensuring Squarespace's adherence.</li> <li><strong>Promote a culture of security by design</strong> by working closely with development teams to integrate security into the software development lifecycle (SDLC).</li> <li>Work with partner teams to implement new security programs and refine existing ones, with an emphasis on driving the team's velocity while also maintaining high customer and employee engagement.</li> </ul> <h2 data-pm-slice="1 1 []">Who We're Looking For</h2> <ul> <li>Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).</li> <li>12+ years of experience in cybersecurity, with a passion for Authentication and Authorization.</li> <li>Strong knowledge of Linux operating systems and cloud platforms (AWS GCP).</li> <li>Experience with tools automation tools for automating ... (truncated, view full listing at source)