Director of Site Reliability & Security - Remote

Does your current company inspire you to build, grow, and innovate?  Is your passion for making lasting and meaningful change being realized? 

The tremendous growth in our business and increasing demand for our services means we are expanding our team in exciting ways.  We have the heart of a startup and the backing of an industry leader.  This means a unique career opportunity for low-ego professionals looking for a people-first, culture rich work family with which to change the world. 

Summary:

Centro Benefits Research is seeking a strategic and hands-on Director of Site Reliability & Security to lead the design, implementation, and continuous improvement of our infrastructure reliability, platform security, and compliance posture. The headline priority for this role in year one is to drive the organization through its first SOC 2 Type II audit, establishing the policies, controls, and evidence-collection processes needed to achieve and maintain the report.

Beyond SOC 2, you will own site reliability and security as a hands-on leader within a small, senior engineering team. You’ll set the standards, tooling, and culture needed to operate resilient systems at scale—often doing the work yourself rather than delegating it. You’ll partner closely with engineering, product, and business stakeholders to embed reliability and security into every stage of the software development lifecycle, and represent infrastructure and security priorities to senior leadership.

Essential Duties and Responsibilities:

• Lead the organization through its first SOC 2 Type II audit: conduct a readiness assessment, identify control gaps, implement remediation plans, coordinate with external auditors, and deliver a clean report
• Define and maintain the full set of SOC 2 policies, procedures, and technical controls across the Trust Services Criteria (security, availability, confidentiality, processing integrity, privacy)
• Build and operationalize continuous compliance monitoring so that evidence collection, access reviews, and control testing become part of everyday engineering workflows rather than a one-time effort
• Define and execute the longer-term strategic vision for site reliability and security across the organization
• Establish and enforce SLAs, SLOs, and SLIs for critical services; drive accountability for uptime and incident response
• Own the incident management lifecycle, including on-call rotations, post-incident reviews, and continuous improvement of response processes
• Architect and oversee cloud infrastructure for high availability, disaster recovery, and horizontal scalability
• Harden existing Infrastructure as Code pipelines with security scanning, policy-as-code guardrails, and CI/CD security gates
• Evaluate and introduce monitoring, observability, and security tooling to improve detection, response, and prevention capabilities
• Establish and maintain security policies, access controls, and data protection standards
• Collaborate with cross-functional teams to balance reliability and security investments against feature delivery

Qualifications, Skills and Requirements:

Core Competency Requirements

• Direct, hands-on experience leading an organization through a SOC 2 Type II audit, ideally from initial readiness through report delivery
• Deep expertise in Azure, including networking, identity (Entra ID), and security services
• Strong experience with Terraform for Infrastructure as Code, including module design and state management
• Proven track record designing and operating highly available, distributed systems in production
• Hands-on experience with Kubernetes, Docker, and modern CI/CD tooling and DevOps practices
• Strong understanding of application and network security principles, including authentication, authorization, encryption, and zero-trust architectures
• Experience implementing and managing observability stacks (e.g., Datadog, Prometheus, Grafana, ELK)
• Excellent written and verbal communication skills with both technical and non-technical stakeholders
• Experience with incident management platforms and processes, including blameless post-mortems
• Comfortable operating as a hands-on individual contributor while also setting strategy and influencing engineering culture

Competency Nice to Haves

• Experience working in the insurance or benefits industry
• Familiarity with additional compliance frameworks such as HIPAA, ISO 27001, or NIST
• Experience with security automation and SOAR platforms
• Relevant certifications such as CISSP, CISM, Azure Security Engineer Associate, or CKA/CKS

Education, Training and Experience:

• Significant professional experience in software engineering, DevOps, SRE, or security engineering
• Proven track record of leading an organization through SOC 2 or comparable compliance certification from the ground up
• Demonstrated ability to operate as both a strategic leader and a hands-on practitioner
• Excellent written and verbal communication skills, with the ability to effectively collaborate with both technical and non-technical stakeholders

The typical base pay range for this role nationwide is $200,000 to $225,000 per year.  

Your base pay is dependent upon your skills, education, qualifications, professional experience, and location. In addition to base pay, some roles are eligible for variable compensation, commission, and/or annual bonus based on your individual performance and/or the company’s performance. We also offer eligible employees health, wellbeing, retirement, and other financial benefits, paid time off, overtime pay for non-exempt employees, and robust learning and development programs. You will receive reimbursement of job-related expenses per the company policy and may receive employee perks and discounts. To learn more, visit: www.onedigital.com/careers

Thank you for your interest in joining the team!