Cybersecurity Practice Manager

About The Position

Requirements

• 7+ years of experience in cybersecurity or IT with a security focus, including at least 3 years in an MSP, MSSP, or multi-tenant managed services environment
• 2+ years of people leadership experience, including direct management, coaching, accountability, or formal team lead responsibilities
• Strong experience leading or overseeing cybersecurity operations across SIEM, SOC, MDR, endpoint, identity, email security, vulnerability management, and incident response
• Experience managing cybersecurity tools, operational standards, alert workflows, escalation paths, and third-party security partners
• Strong understanding of Microsoft 365 security, including Defender, Entra ID, Conditional Access, Secure Score, and related controls
• Experience with EDR platforms, vulnerability remediation workflows, and email security controls including anti-phishing, impersonation protection, DMARC, DKIM, and SPF
• Experience investigating or overseeing security incidents, including malware, phishing, ransomware, business email compromise, and identity-related events
• Ability to assess security risk across multiple client environments and translate findings into clear priorities, remediation plans, and leadership recommendations
• Strong written and verbal communication skills, including the ability to explain security risk to non-technical stakeholders
• Strong documentation, process design, and operational discipline
• Working knowledge of common frameworks and standards such as CIS Controls, NIST 800-171, HIPAA Security Rule, and SOC 2 Trust Criteria
• Relevant industry certifications such as CISM, SC-200, CySA+, Security+, or equivalent combination of certifications and experience
• Actively driving towards CISSP and/or CISSP

Responsibilities

• Lead and manage the cybersecurity department, including day-to-day oversight of priorities, workload distribution, service quality, escalation discipline, and overall team performance
• Establish and maintain departmental standards for proactive security management, incident response, vulnerability management, client communication, documentation, and reporting
• Own the cybersecurity department scorecard, including KPIs, service delivery trends, backlog health, SLA adherence, documentation compliance, and client risk visibility
• Ensure the team is operating with clear accountability, proper follow-through, and consistency across all recurring cyber functions
• Monitor department capacity and staffing needs, making recommendations for role changes, hiring, training, and resource allocation as service demand evolves
• Lead the operating cadence for the department, including team meetings, one-on-ones, KPI review, issue escalation review, root cause discussions, and continuous improvement planning
• Directly manage Cyber team members, including performance expectations, coaching, development planning, quarterly reviews, and accountability conversations
• Create clear role expectations and measurable standards for each team member related to execution, quality, documentation, communication, and ownership
• Ensure the Senior Engineer — Cyber/Manager is effectively leading technical execution while the department as a whole remains aligned to standards and priorities.
• Support hiring, onboarding, role design, and future team scaling within the cybersecurity function
• Develop structured growth plans for technical team members, including certification paths, cross-training, mentoring expectations, and progression planning
• Maintain team readiness for after-hours support, major incidents, client escalations, and continuity of service across the department
• Own the operational performance, administration standards, and service delivery model for the cybersecurity tool stack across the client base
• Oversee the strategic and operational use of SIEM, SOC, MDR, EDR, vulnerability scanning, email security, identity security, awareness training, threat intelligence, dark web monitoring, and related security platforms
• Define and maintain standards for alerting, escalation thresholds, tuning expectations, monitoring coverage, investigation procedures, response workflows, documentation requirements, and client reporting across all cybersecurity platforms
• Ensure cybersecurity tools are configured, maintained, and governed in a way that supports effective service delivery, scalability, and consistent client outcomes
• Review platform effectiveness regularly, including alert quality, response quality, licensing alignment, coverage gaps, integration issues, and opportunities for automation or optimization
• Approve and govern changes to cybersecurity platform standards, default configurations, operational workflows, and escalation models before rollout
• Oversee SIEM and SOC operating workflows, whether services are delivered internally or through external partners, to ensure proper alert routing, investigation ownership, timely escalation, and documented follow-through
• Establish and maintain clear workflows between the Cyber team and all third-party security providers, including SOC partners, MDR providers, compliance vendors, penetration testing firms, and incident response partners
• Define ownership boundaries, escalation paths, communication standards, handoff procedures, and expected turnaround times for all third-party cyber relationships
• Hold third-party vendors accountable for service performance, reporting quality, escalation discipline, and contractual obligations
• Ensure third-party workflows are documented, current, and aligned with internal operational expectations and client needs
• Review partner performance regularly and recommend changes where service gaps, inefficiencies, or quality concerns exist
• Maintain oversight of cybersecurity service quality across all managed clients, ensuring work is executed consistently and in accordance with department standards
• Serve as the management escalation point for major security incidents, high-risk client issues, unresolved vulnerabilities, recurring security failures, and critical cyber-related service breakdowns
• Review security assessments, remediation plans, incident response outcomes, hardening recommendations, and root cause findings for quality and completeness
• Ensure significant incidents are documented properly, escalated appropriately, and followed through to permanent remediation or risk acceptance
• Maintain visibility into recurring alert patterns, unresolved control gaps, vulnerability trends, and client environments that require leadership attention or additional action
• Support the Senior Engineer and broader technical team in resolving issues that require cross-functional coordination, priority alignment, or management intervention
• Ensure quarterly security posture assessments are completed consistently for all applicable managed clients and are documented to standard
• Oversee the department’s approach to endpoint protection, patch-related security compliance, vulnerability remediation cadence, email security hygiene, identity hardening, and privileged access review
• Ensure proactive security activities are scheduled, completed, tracked, and reported on according to departmental expectations
• Validate that findings from proactive reviews are translated into remediation actions, client recommendations, project scopes, or risk tracking as appropriate
• Drive continual improvement of proactive security programs so the department is not operating reactively or relying solely on alerts and incidents to identify risk
• Maintain executive-level visibility into client security posture, open risk items, recurring vulnerabilities, incident trends, and accounts requiring elevated attention
• Ensure clients receive clear, risk-based guidance related to remediation priorities, security maturity improvements, compliance readiness, and strategic security investments
• Support Quarterly Business Reviews and strategic client meetings with security posture insights, incident summaries, roadmap recommendations, and leadership-level risk context, as requested
• Partner with Client Success and technical leadership to align cybersecurity recommendations with client business priorities, contracted services, and operational realities
• Identify opportunities for expanded security services, security maturity improvements, compliance-related services, and broader advisory engagement
• Ensure the department maintains current incident response standards, runbooks, escalation procedures, contact trees, and recovery guidance for managed clients
• Oversee the quality and timeliness of incident triage, response coordination, remediation follow-through, and post-incident review activities
• Require documented root cause analysis for qualifying security incidents and ensure corrective actions are assigned, tracked, and completed
• Drive discipline around recurring security issue identification, trend review, and permanent corrective action rather than repeated short-term resolution
• Ensure lessons learned from incidents are translated into improved standards, updated runbooks, client guidance, or internal process changes
• Oversee the cybersecurity department’s support of client compliance initiatives, including audit preparation, control validation, remediation tracking, evidence support, and assessor coordination
• Ensure the team is prepared to support client needs related to frameworks and standards such as CIS Controls, NIST 800-171, HIPAA Security Rule, SOC 2 Trust Criteria, and similar obligations
• Oversee penetration testing coordination, findings review, remediation follow-up, and readiness support for clients with formal security or regulatory requirements
• Own oversight of the MSP’s internal security posture within the department’s scope, including staff endpoint protection, MFA enforcement, privileged access hygiene, internal tool access review, and internal cyber improvement planning
• Maintain visibility into internal security gaps and ensure findings are escalated, tracked, and reviewed with leadership as appropriate
• Ensure cybersecurity SOPs, investigation playbooks, standards, hardening guides, and knowledge base content are documented, maintained, and reviewed on a defined cadence
• Own the quality standard for cybersecurity documentation in Hudu and related systems
• Drive process refinement across the department to improve consistency, reduce noise, strengthen accountability, and increase scalability
• Identify and implement automation opportunities that improve alert handling, documentation consistency, reporting, workflow execution, or remediation tracking
• Ensure the department is continuously improving rather than relying on tribal knowledge or ad hoc execution
• Partner with Service Desk, Central Services, Projects, NOC, and Client Success leadership to ensure cybersecurity services are integrated properly into onboarding, escalation handling, project delivery, compliance efforts, and client planning
• Ensure handoffs between reactive service, project work, compliance support, onboarding, and managed cyber operations are clean, documented, and actionable
• Act as the operational representative for the cybersecurity department in leadership discussions, service design conversations, process improvement initiatives, and capacity planning
• Support broader operational maturity by helping define standards, remove bottlenecks, and improve service consistency across departments where cybersecurity dependencies exist

Benefits

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Disability Insurance