Job description
Dandy is transforming the massive and antiquated dental industry—an industry worth over $200B. Backed by some of the world’s leading venture capital firms, we’re on an ambitious mission to simplify and modernize every function of the dental practice through technology. As we expand our reach globally, Dandy is building the operating system for dental offices around the world—empowering clinicians and their teams with technology, innovation, and world-class support to achieve more for their practices, their people, and their patients.
About the Role
Dandy is seeking a dynamic and experienced Senior Manager, IT Security to establish, lead, and grow our IT security functions. Reporting directly to the Director, IT, this role will own the strategy, execution, and continuous improvement of Dandy’s cybersecurity program.
You’ll be responsible for building our incident response capabilities, implementing best-in-class security technologies, conducting tabletop exercises, and partnering with our IT, Product, and Engineering teams to embed security into everything we build. This is a high-impact role for a hands-on, strategic leader who thrives in a fast-paced environment and is passionate about building a security-first culture from the ground up.
What You’ll Do
Build & Shape the IT Security Function: Define the vision, structure, and roadmap for our IT security program. Establish policies, processes, and growth paths as the function scales.
Lead Security Incident Response: Own our Security Incident Response Policy and Process, leading real-time incident response for threats like malware, phishing, or data breaches. Establish clear RACI models and success metrics for containment and recovery.
Drive Tabletop Exercises: Design and facilitate tabletop exercises to prepare cross-functional teams (IT, Product, Engineering, Legal) for cyber threats, fostering corporate readiness and iterative improvements.
Implement Cybersecurity Technologies: Evaluate and deploy scalable cybersecurity tools (e.g., SIEM, EDR, MFA, firewalls) to protect our infrastructure. Stay ahead of emerging threats and recommend cost-effective solutions.
Partner with Application Security Teams: Collaborate with Product and Engineering to embed security into the software development lifecycle (e.g., DevSecOps, secure coding). Support vulnerability management and application security best practices.
Foster a Security-First Culture: Advocate for security awareness across the organization through training, policies, and cross-functional collaboration. Translate complex security concepts into actionable insights for non-technical stakeholders.
Optimize Processes & Metrics: Establish best practices for incident response, system security, and data protection. Define KPIs to measure program effectiveness and report progress to leadership.
What We’re Looking For
Leadership Experience: 3+ years in a leadership role within IT security, with a proven track record of building programs and delivering outcomes in fast-paced, growth environments.
Proven Security Expertise: 7+ years of experience in IT security, with deep knowledge of incident response, cybersecurity tools (e.g., Splunk, CrowdStrike, Palo Alto Networks), and processes like threat detection, containment, and recovery.
Hands-On Technical Skills: Significant experience implementing and managing cybersecurity technologies (e.g., SIEM, EDR, MFA). Understanding of SAST/DAST and security principles across Windows, macOS, Linux, GCP, and Azure environments is a must.
Collaborative Leadership: Strong communicator capable of working with IT, Product, Engineering, and executive stakeholders to align security initiatives with business goals. Ability to simplify complex security issues for diverse audiences.
Strategic Thinking & Execution: You can define a long-term security vision while executing tactical initiatives, balancing hands-on work with strategic planning in a resource-constrained environment.
Process-Oriented & Detail-Oriented: Experience designing and implementing rigorous, scalable security processes (e.g., incident response workflows, tabletop exercise frameworks) that drive consistency and efficiency.
Technical Aptitude: Strong understanding of network security, cloud security, and system integrations. Ability to translate security requirements into technical specifications for internal or external resources.
Bonus Points For
Experience in mid-sized, high-growth tech companies.
Certifications like CISSP, CISM, CRISC, CEH, or OSCP.
Familiarity with compliance frameworks (e.g., SOC 2, GDPR, ISO 27001, HIPAA).
Background managing vendor relationships and procuring cybersecurity tools.
Knowledge of data visualization tools for security analytics (e.g., Looker, Splunk dashboards, Elastic).
For full-time positions, Dandy offers a wide range of best-in-class, comprehensive, and inclusive benefits tailored to each country where we operate. Our local benefits packages typically include healthcare, dental, mental health support, parental planning resources, retirement savings options, and generous paid time off—ensuring our team members are supported no matter where they live and work.
Dandy is proud to be an equal-opportunity employer. We are committed to building a diverse and inclusive culture that celebrates authenticity to win as one. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, disability, protected veteran status, citizenship or immigration status, or any other legally protected characteristics.
Dandy also fully complies with the Americans with Disabilities Act (ADA). We are dedicated to embracing challenges and creating an accessible, inclusive workplace for all individuals. If you require any accommodations for your interview or have any questions beforehand, rest assured that we will do everything we can to meet your needs. Visit Dandy Careers for more!
