Senior Manager, IT Security

Dandy

πŸ“Remote - United States

Summary

Join Dandy, a rapidly growing tech company transforming the dental industry, as a Senior Manager, IT Security. Reporting to the Director, IT, you will lead and develop the IT security function, defining its vision, structure, and roadmap. Key responsibilities include building incident response capabilities, implementing cybersecurity technologies, conducting tabletop exercises, and fostering a security-first culture. You will partner with various teams to embed security into all aspects of the business. This is a high-impact role requiring strong leadership, technical expertise, and strategic thinking. The ideal candidate will have extensive experience in IT security, a proven track record of building successful programs, and excellent communication skills.

Requirements

  • Leadership Experience: 3+ years in a leadership role within IT security, with a proven track record of building programs and delivering outcomes in fast-paced, growth environments
  • Proven Security Expertise: 7+ years of experience in IT security, with deep knowledge of incident response, cybersecurity tools (e.g., Splunk, CrowdStrike, Palo Alto Networks), and processes like threat detection, containment, and recovery
  • Hands-On Technical Skills: Significant experience implementing and managing cybersecurity technologies (e.g., SIEM, EDR, MFA). Understanding of SAST/DAST and security principles across Windows, macOS, Linux, GCP, and Azure environments is a must
  • Collaborative Leadership: Strong communicator capable of working with IT, Product, Engineering, and executive stakeholders to align security initiatives with business goals. Ability to simplify complex security issues for diverse audiences
  • Strategic Thinking & Execution: You can define a long-term security vision while executing tactical initiatives, balancing hands-on work with strategic planning in a resource-constrained environment
  • Process-Oriented & Detail-Oriented: Experience designing and implementing rigorous, scalable security processes (e.g., incident response workflows, tabletop exercise frameworks) that drive consistency and efficiency
  • Technical Aptitude: Strong understanding of network security, cloud security, and system integrations. Ability to translate security requirements into technical specifications for internal or external resources

Responsibilities

  • Build & Shape the IT Security Function: Define the vision, structure, and roadmap for our IT security program. Establish policies, processes, and growth paths as the function scales
  • Lead Security Incident Response: Own our Security Incident Response Policy and Process, leading real-time incident response for threats like malware, phishing, or data breaches. Establish clear RACI models and success metrics for containment and recovery
  • Drive Tabletop Exercises: Design and facilitate tabletop exercises to prepare cross-functional teams (IT, Product, Engineering, Legal) for cyber threats, fostering corporate readiness and iterative improvements
  • Implement Cybersecurity Technologies: Evaluate and deploy scalable cybersecurity tools (e.g., SIEM, EDR, MFA, firewalls) to protect our infrastructure. Stay ahead of emerging threats and recommend cost-effective solutions
  • Partner with Application Security Teams: Collaborate with Product and Engineering to embed security into the software development lifecycle (e.g., DevSecOps, secure coding). Support vulnerability management and application security best practices
  • Foster a Security-First Culture: Advocate for security awareness across the organization through training, policies, and cross-functional collaboration. Translate complex security concepts into actionable insights for non-technical stakeholders
  • Optimize Processes & Metrics: Establish best practices for incident response, system security, and data protection. Define KPIs to measure program effectiveness and report progress to leadership

Preferred Qualifications

  • Experience in mid-sized, high-growth tech companies
  • Certifications like CISSP, CISM, CRISC, CEH, or OSCP
  • Familiarity with compliance frameworks (e.g., SOC 2, GDPR, ISO 27001, HIPAA)
  • Background managing vendor relationships and procuring cybersecurity tools
  • Knowledge of data visualization tools for security analytics (e.g., Looker, Splunk dashboards, Elastic)

Benefits

  • Healthcare
  • Dental
  • Mental health support
  • Parental planning resources
  • Retirement savings options
  • Generous paid time off
