
Job Title


Director of Security Operations


Company : Forma.ai


Location : Mississauga, Ontario


Created : 2026-04-30


Job Type : Full Time


Job Description

About Forma.ai:

Forma.ai is a Series B startup that's revolutionizing how sales compensation is designed, managed and optimized. We handle billions in annual managed commissions for market leaders like Edmentum, Stryker, and Autodesk.

Our growth has been fuelled by our passion for fundamentally changing and shaping how companies use sales intelligence to drive business strategy.

We're welcoming equally driven individuals who are excited about creating something big!

What You'll Do

Reporting to the VP of Engineering, you will work closely with our Director of Privacy to design, implement, and operate the practical elements of our security posture. This includes areas like device management (MDM), authentication and access management, security-focused observability, and related tooling programs.

This is a hands-on role. Our security team is intentionally lean, so you'll be directly involved in implementation, configuration, and ongoing operation, with support from our DevOps team when needed.

We're looking for someone pragmatic and solution-oriented, able to design and implement strong, secure protocols that protect the business while still enabling us to move fast.

You'll also support compliance efforts and customer-facing security needs, including audit preparation, security questionnaires, and occasional sales conversations where a security presence is helpful.

The role's key responsibilities are listed below:

- Propose, implement, and configure practical security tooling and systems across:
  - Cloud security (AWS environments, workload protection, misconfiguration detection)
  - Identity & access management (SSO, MFA, access lifecycle)
  - Endpoint security & device management (MDM)
  - Logging, monitoring, and detection pipelines
- Partner with DevOps and development teams to embed security into CI/CD pipelines and infrastructure workflows
- Collaborate with the Director of Privacy on compliance, audits, and related activities (providing technical implementation and evidence support)
- Assess vendors and recommend build vs. buy decisions for security tools, with ownership of implementation and ongoing operation
- Operate, monitor, and continuously improve security systems and tooling, including alert tuning, vulnerability remediation follow-through, and system reliability
- Support customer security questionnaires and sales conversations as needed

What We're Looking For:

- You thrive in a hands-on, fast-moving startup environment
- You have experience personally designing, implementing, and operating security tooling and controls
- You have working knowledge across core security domains, such as:
  - Cloud / infrastructure security (AWS preferred)
  - Identity and access management
  - Endpoint / device management
  - Detection & monitoring / observability
  - Vulnerability management
- You have experience supporting compliance efforts and audits, including producing or validating technical evidence
- You have hands-on experience with SOC 2 and ISO 27001 (or similar) compliance frameworks
- You're confident engaging with customers on security topics when needed
- You're a clear communicator who can translate security concepts for technical and non-technical audiences
- You have a high level of professionalism and discretion

Additional Job Info:

- This position is for an existing vacancy
- This role is focused on direct execution and ownership; candidates who prefer primarily managing vendors or delegating implementation may not find this role a fit.

What Success Looks Like

- You own and operate security systems directly, not through delegation
- You deliver measurable improvements in detection quality, vulnerability remediation, and system reliability
- You establish yourself as a trusted execution partner to Engineering, DevOps, and Privacy
- You produce clean, reusable audit evidence with minimal overhead
- You make security predictable, scalable, and low friction across the organization

30 Days: Foundation & Visibility

- Build a strong understanding of Forma's AWS environment, security tooling, CI/CD workflows, IAM model, detection setup, and vulnerability management process.
- Establish working relationships with DevOps, Engineering, Privacy, and key security stakeholders.
- Begin hands-on contribution by triaging alerts, reviewing vulnerabilities, validating remediation status, and identifying quick configuration improvements.
- Document gaps in visibility, tooling, processes, and immediate opportunities to reduce risk or noise.

60 Days: Ownership & Execution

- Take ownership of vulnerability management, detection operations, alert tuning, and response workflows.
- Independently investigate alerts, drive remediation with engineering teams, validate fixes, and close issues fully.
- Improve detection coverage, reduce false positives, address logging gaps, and introduce high-value automation where appropriate.
- Strengthen IAM and access lifecycle processes, including reducing privilege creep and unused access.
- Support audits and compliance by producing reliable technical evidence and validating control effectiveness.

90 Days: Optimization & Impact

- Fully own and operate security tooling, detection systems, vulnerability management, and incident response execution.
- Deliver measurable improvements in remediation timelines, alert quality, system reliability, and security coverage.
- Embed security into engineering workflows through CI/CD controls, automation, and practical guardrails.
- Establish repeatable processes for audit evidence, incident documentation, monitoring, and reporting.
- Build credibility as a trusted, hands-on security operator and partner to Engineering, DevOps, and Privacy.

Our Values:

Work well, together. We're real. We have kids and pets. Mortgages and student loans. We're in this together, so no matter how brilliant any one of us is, we always play nice with one another, no exceptions.

Be precise. Be relentless. We believe complacency breeds failure, so we set new goals as quickly as we achieve them. We persist in the face of adversity, learn from our mistakes, and push each other to continuously improve. The status-quo is kryptonite.

Love our tech. Love our customers. Our platform solves a very complex problem in a currently underserved market. While everyone at Forma isn't customer-facing, we're all customer-focused. Maybe even slightly customer-obsessed.

Use of AI for Recruitment

Currently, Forma.ai does not use artificial intelligence as part of our recruitment process, specifically but not limited to the screening, filtering and shortlisting of applicants.

Our commitment to you:

Forma is a proud equal opportunity employer that is committed to creating a diverse and inclusive work environment. Every effort to accommodate candidates for accessibility will be made upon request. Information received related to accommodations will be addressed confidentially. We know that applying to a new role takes a lot of effort. You're encouraged to apply even if your experience doesn't precisely match the job description. There are many paths to a successful career and we're looking forward to reading yours.

We thank all candidates for their interest; however, only qualified applicants will be shortlisted.