Director, Security Operations

Audax Group is a leading alternative investment manager with offices in Boston, New York, San Francisco, and London. Since its founding in 1999, the firm has raised over $40 billion in capital across its Private Equity and Private Debt businesses. With more than 400 employees and approximately 180 investment professionals, the firm is a leading capital partner for North American middle market companies. For more information, visit the Audax Group website www.audaxgroup.com.

POSITION SUMMARY:

The Director of Security Operations is a hands-on technical and leadership role responsible for managing and enhancing the firm’s security operations, including SIEM, incident response, threat detection, data leakage prevention, and vulnerability management. This role balances technical execution with strategic leadership, overseeing a team of four infrastructure engineers and cybersecurity analysts while managing MSSPs to optimize security monitoring, automation, and incident response. The Director will drive continuous improvements to security controls, ensuring a proactive defense against emerging threats.

KEY RESPONSIBILITIES

Operations:

• Provide strategic leadership and tactical execution of security operations, ensuring the effectiveness of monitoring, incident response, threat detection, and vulnerability management.
• Lead and mentor a multidisciplinary security team, fostering collaboration, professional growth, and continuous learning to strengthen security capabilities.
• Manage and enhance security detection capabilities, including SIEM, IAM, EDR, and firewalls, ensuring continuous improvement, fine-tuning detection rules, and reducing false positives.
• Define and track key performance indicators (KPIs) for incident response, vulnerability management, threat intelligence to measure and drive security improvements.
• Oversee the firm’s Managed Security Services Provider (MSSP), continuously evaluating performance to optimize threat detection, incident response, and overall security posture.
• Lead continuous vulnerability monitoring and risk assessments across on-premises, SaaS, and cloud environments, prioritizing remediation efforts to mitigate security risks.
• Develop and oversee security awareness programs, integrating training into onboarding and ongoing development, while tracking effectiveness through phishing simulations and key performance metrics.
• Conduct comprehensive third-party risk assessments, evaluating security, compliance, and data protection risks for new applications, service providers, and consultants.
• Develop and manage a structured patch and configuration management program, enforcing secure configurations and ensuring critical vulnerabilities are prioritized and remediated within established SLAs.
• Develop and maintain incident response runbooks and conduct regular simulations to ensure team readiness, identify process gaps, and enhance response effectiveness.

Access & Data Protection:

• Monitor authentication and access activity, leveraging logging and analytics to detect anomalies, refine policies, and proactively respond to security threats.
• Conduct regular access reviews and compliance audits, ensuring adherence to least privilege principles and adjusting entitlements to align with security and regulatory requirements.
• Perform periodic audits to assess the effectiveness of data protection measures, identify vulnerabilities, and implement corrective actions to mitigate risks.
• Develop and manage incident response plans specifically for data breaches, ensuring timely detection, containment, and notification in accordance with legal and regulatory requirements.
• Evaluate and monitor third-party service providers to ensure they adhere to the organization's data protection policies and comply with relevant data privacy regulations.
• Manage and continuously improve Data Loss Prevention (DLP) controls, refining policies, detection mechanisms, and rule tuning to enhance sensitive data protection while minimizing false positives.

Technical Competencies:

• Expertise in endpoint security, email security, cloud security data governance, and security posture management platforms.
• Strong understanding of Zero-Trust architectures, identity and access management (IAM) best practices, and SaaS security frameworks.
• Hands-on experience with cloud security, identity & access management tools, and vulnerability management solutions.
• Proficiency in data loss prevention (DLP), security automation, and advanced threat detection technologies.

Professional Experience & Qualifications

• Bachelor’s degree in Computer Science or a related field (or equivalent experience).
• 12+ years in information technology or cybersecurity, including 5+ years in leadership roles.
• Strong understanding of industry standards and regulatory frameworks, including SOC, ISO 27001, CIS, and NIST.
• Proven ability to lead cross-functional teams and manage relationships with external service providers.
• Industry-recognized certifications such as CISSP, CISM, GIAC, or CCSP.

Location: Boston, MA, In-Office

Audax offers a wide range of employee benefits, including health insurance, life insurance, disability insurance, paid time off (including sick leave, parental leave, volunteer leave, and vacation), charitable donation match, family support services (including Bright Horizons and Benefit Advocate Center), and a 401(k) in addition to other benefits.

 This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice. 

Audax Management Co. is an equal opportunity employer.

Please note that Audax Group and its affiliated entities do not accept unsolicited resumes from a third-party recruiting agency not currently under a signed agreement. Any unsolicited resume that is sent to directly to Audax Group or one of its affiliated entities, or its employees, including those submitted to hiring managers by a third-party recruiting agency not currently under a signed agreement, will be considered property of Audax Group. If a third-party recruiting agency submits a resume without an agreement, Audax Group or its affiliated entities explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the third-party recruiting agency. Any third-party recruiting agency should contact either a member of the Talent Acquisition or Human Resource team at Audax Group, in conjunction with a valid, fully executed contract for service based upon a specific job opening.