AVP, Cyber Security Operations

About The Position

Requirements

• At least ten years of progressive experience in relevant Information Security positions.
• At least six years of experience in a security engineering role or a similar position or having equivalent skills and experience
• Proven experience managing hybrid SOCs (in-house and MSSPs), and leading global or enterprise-scale security operations.
• Demonstrated expertise with tools and technologies such as SIEM, SOAR, EDR, and threat intelligence platforms.
• Experience managing incidents and crises in dynamic environments.
• Deep understanding of incident response methodologies, threat detection, and forensics practices.
• Expertise in modern IT architectures, including hybrid cloud environments, containers, and APIs.
• Strong knowledge of security frameworks and standards (e.g., NIST CSF, MITRE ATT&CK, ISO 27001).
• Exceptional analytical and critical thinking skills with the ability to make critical decisions under pressure.
• Strong leadership, collaboration, and interpersonal skills, with the ability to influence at all levels of the organization.
• Effective communicator with the ability to translate complex technical details into actionable insights for diverse audiences.
• Ability to develop and mentor security operations teams, fostering a culture of continuous learning, skill development, and high-performance standards to stay ahead of evolving threats.
• Bachelor of Science (BS) degree that is technology based in information technology, engineering, computer science, or statistical/math sciences required.

Nice To Haves

• Master’s degree, e.g., MBA or in Computer Science, preferred.
• Advanced certifications such as CISSP, CISM, GIAC (e.g., GCIA, GCFA, GCIH), or CEH preferred.

Responsibilities

• SOC Leadership and Optimization: Leads the continuous improvement and optimization of the Security Operations Center (SOC) to ensure that it is capable of effectively detecting and responding to both external and internal threats. This includes refining SOC processes, tools, and workflows to ensure operational efficiency and responsiveness to security incidents across hybrid environments.
• Threat Intelligence Integration: Develops and operationalizes a comprehensive threat intelligence program that enhances situational awareness and empowers the SOC with actionable insights. This includes integrating external threat intelligence feeds, leveraging internal threat data, and fostering collaboration with industry groups and threat-sharing communities to stay ahead of emerging threats.
• Incident Response Management: Oversees the development and execution of incident response plans, ensuring they are tested, documented, and continuously improved. Leads high-impact incident response efforts, coordinating with relevant stakeholders to contain, remediate, and recover from security incidents. Ensures post-incident reviews are conducted to identify gaps and improve the organization’s overall security posture.
• Security Automation and Orchestration: Spearheads the integration of automation and orchestration tools, such as Security Orchestration, Automation, and Response (SOAR) platforms, to streamline and accelerate security operations. Focuses on automating repetitive tasks, improving response times, and reducing manual effort to increase operational efficiency within the SOC.
• Security Metrics and Reporting: Establishes key performance indicators (KPIs) and metrics to measure the effectiveness of the security operations function. Provides regular updates and executive reporting on security operations performance, including threat detection, incident response timelines, and overall security posture. Uses data to drive improvements and ensure alignment with the organization’s risk management strategy.
• Cross-functional Collaboration: Works closely with technology, legal, compliance, privacy, and business leadership to ensure that security operations are aligned with overall business objectives and regulatory requirements. Facilitates the integration of security considerations into all aspects of the organization’s technology infrastructure and processes.
• Team Development and Mentorship: Fosters a high-performance culture within the security operations team through mentorship, training, and leadership. Supports career development and skills growth for team members, ensuring they are equipped with the latest knowledge and tools to handle evolving threats. Builds a culture of continuous learning to keep the team ahead of the curve in security operations and threat management.
• Risk and Compliance Alignment: Ensures that the security operations function meets relevant regulatory requirements and aligns with industry standards (e.g., NIST, ISO 27001, GDPR). Works with compliance and legal teams to ensure that incident response efforts, threat intelligence, and SOC activities support the organization’s broader compliance goals.
• Technology and Tool Selection: Evaluates, selects, and implements security technologies that support the security operations program. This includes SIEM, EDR, threat intelligence platforms, and other tools that enhance detection, monitoring, and response capabilities. Ensures these tools are integrated seamlessly into the organization’s broader security architecture.