Associate Vice President, Security Engineering & Operations

The Associate Vice President (AVP) Security Engineering & Operations is responsible for building and scaling a high-performance security engineering and operations function that protects Hyland's business, enables engineering, compliance, and adjacent securityteams while reducing operational friction. This role will embed security into asset management, software engineering, cloud operations, and automate workflows while driving continuous improvements in security posture resilience and incident readiness. Reporting to the CISO, the AVP leads the Security Operations Center (SOC), Enterprise and Application Security initiatives, and offensive/defensive security operations to align with enterprise growth, customer commitments, and innovation goals.

Responsibilities:

Build and lead a highly efficient, AI-enabled Security Operations Center (SOC), delivering threat detection, exposure management, posture management, incident response, and digital forensics capabilities.

• Define and own KPIs for SOC performance (MTTD, MTTR, SLA adherence), engineering delivery, and coverage gap closure.

• Manage a team to monitor for and respond to security events 24x7x365, and plan and execute regular incident response and postmortem exercises with measurable benchmarks.

• Oversee and continuously improve DevSecOps/AppSec integration, embedding security into CI/CD pipelines, SCA/SAST/DAST tooling, secure code review, non-human identity/API security programs, and threat modeling.

• Build and maintain strong relationships with stakeholders, sharing threat intelligence and best practices; lead engagement with engineering teams to implement new systems and processes.

• Deep familiarity with cloud-native security architecture to act as a deeply embedded partner to architecture and development teams.

• Direct and approve the design of security systems including zero trust architecture, network segmentation, and identity security.

• Drive offensive and defensive security operations including red teaming and blue team resilience.

• End-to-end ownership of multi-faceted and distributed Vulnerability management programs, including prioritization frameworks and release gates tied to business risk.

• Set vision and collaborate with senior management to define and ensure success of departmental strategy, including budget management.

• Provide managerial direction and oversee all aspects of performance management for direct reports and teams.

• Drive continuous improvement through after-action reviews, tooling optimization, and process automation.

• Develop future leaders within the team that aligns with the people strategy. Build a management team bench capable of meeting the demands of rapid growth.

• Serve as an escalation point for complex and high-level issues; provide direction and guidance to assist with resolution of issues and removing obstacles for security and stakeholder teams.

• Work with the leadership to plan the strategic vision, organizational structure, operating policies, and procedures and management practices to ensure the department delivers operational excellence.

• Act as a strategic partner to product, engineering, and other technical teams to embed security into the acquisition, management, and software development lifecycle.

Qualifications:

• Bachelor's degree in computer science, information security, engineering, or related field

• 15+ years of progressive experience in cybersecurity or engineering leadership with at least 5 years in SaaS cloud-native environments.

• Proven track record of leading incident response, application security, or DevSecOps functions at enterprise scale.

• Deep expertise in DevSecOps, cloud-native security, software engineering, and automation.

• Demonstrated fiscal responsibility/accountability in managing budgets with a track record for consolidating tooling expenses.

• Certifications such as CISSP, CISM, SANS/GIAC, CSSLP, OSCP

• Exceptional ability to design, implement, and prove security effectiveness through evidence-based testing and measurable outcomes.

• Exceptional knowledge of automation CI/CD, SRE, and multi-cloud operating environments

• Up to 10% of travel time required.