Manager, Cybersecurity Operations

Skechers | Manhattan Beach, CA
1d | $130,000 - $180,000

About The Position

The Manager, Cybersecurity Operations is responsible for overseeing Skechers' global security operations and incident response program. This role provides operational leadership to ensure effective threat detection, investigation, and response across enterprise environments, leveraging both internal capabilities and partnerships with managed security service providers. It blends strategic program ownership with hands-on operational leadership, ensuring SOC and IR processes are mature, well-governed, and continuously improving. The manager will own global operations and incident response policies, lead incident response training and tabletop exercises, and partner with internal teams and external providers to strengthen detection and response readiness and operational excellence.

Requirements

  • 7+ years of experience in corporate information technology or cybersecurity roles.
  • 3+ years of experience leading security operations or incident response teams.
  • Prior experience managing global SOC operations and working with external security service providers strongly preferred.
  • Proven experience managing SOC operations and incident response programs, including coordination with MSSPs or outsourced security services.
  • Strong understanding of SOC workflows, threat detection, SIEM operations, alert triage, and incident escalation models.
  • Experience developing and governing incident response policies, playbooks, and training programs.
  • Demonstrated ability to manage vendor relationships, including performance reviews, service-level management, and operational integration.
  • Hands-on experience with incident response, digital forensics, and vulnerability triage.
  • Strong people leadership skills, including task prioritization, performance management, and team development.
  • Excellent communication skills, with the ability to translate operational security issues into clear, actionable insights for leadership.
  • Working knowledge of security frameworks and standards relevant to SOC and IR operations (e.g., NIST CSF, NIST 800-61).
  • Relevant certifications such as CISSP, GCIH, or equivalent preferred.

Responsibilities

SOC Operations & MSSP Management

  • Manage the global SOC function, including day-to-day operations, escalation workflows, and 24/7 monitoring coverage across internal teams and external partners.
  • Serve as the primary operational owner for MSSP relationships, ensuring service delivery meets contractual, performance, and security expectations.
  • Define and maintain clear roles, responsibilities, and escalation paths between internal and external teams.
  • Regularly assess program performance using defined metrics, service-level objectives, and quality reviews, driving continuous improvement as needed.
  • Coordinate onboarding, tuning, and ongoing optimization of tooling and detections across internal and managed environments.

Incident Response & Process Governance

  • Own the global incident response program, including policies, playbooks, escalation procedures, and post-incident review processes.
  • Orchestrate response activities during significant or complex security incidents, ensuring effective collaboration between internal responders, MSSPs, and cross-functional stakeholders.
  • Plan, conduct, and evaluate incident response training and tabletop exercises, including scenarios involving MSSP participation and escalation.
  • Drive post-incident lessons learned and ensure findings are translated into process, detection, and response improvements.

Security Operations & Risk Activities

  • Lead vulnerability triage and operational risk review processes, coordinating prioritization and remediation with engineering, infrastructure, and application teams.
  • Oversee periodic security operations reviews to assess detection coverage, response effectiveness, and operational gaps.
  • Partner with threat intelligence, detection engineering, and technical engineering teams to improve signal quality, reduce noise, and align monitoring to current threat trends.

Metrics, Reporting & Stakeholder Engagement

  • Define and track incident response metrics such as MTTD, MTTR, alert quality, incident trends, and MSSP performance indicators.
  • Provide clear, timely operational reporting and executive summaries to cybersecurity and IT leadership.
  • Represent cybersecurity operations in audits, risk discussions, and vendor governance forums, ensuring operational controls are well understood and defensible.