Manager of Cybersecurity Operations

About The Position

Requirements

• Strong technical depth in the following areas: SIEM administration and detection engineering, EDR/XDR investigation and response, Identity and access management / IGA platforms (e.g., Microsoft Entra ID Governance), Vulnerability management (e.g. Rapid7), Cloud security (Azure, M365, Conditional Access, Intune)
• Working knowledge of security frameworks such as NIST CSF, NIST 800-53, and MITRE ATT&CK.
• Strong analytical and problem-solving skills with the ability to make sound decisions in high-pressure situations.
• Excellent written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences.
• Demonstrated ability to handle sensitive and confidential information with discretion and integrity.
• Bachelor’s degree in IT, Computer Science or related field.
• 5–10+ years of progressive experience in cybersecurity operations, incident response, or security engineering.
• 2+ years of experience leading, mentoring, or managing a team (formal or informal).
• Experience producing executive-level security communications and incident briefings.
• Experience designing and executing access controls, RBAC models, and identity lifecycle processes.

Nice To Haves

• Preferred experience working with AI security monitoring (e.g. AI Agent monitors, etc.)

Responsibilities

• Serve as the operational leader of the cyber function, managing daily priorities, workload distribution, and team performance across monitoring, incident response, identity governance, and risk reduction workstreams.
• Mentor and develop junior analysts; set clear expectations, conduct regular 1:1s, provide technical coaching, and support career development plans.
• Establish and maintain cyber operations playbooks, runbooks, SLAs, and escalation procedures; drive continuous improvement through lessons learned and metrics review.
• Manage the on-call rotation and ensure 24/7 coverage models are sustainable and effective.
• Serve as the primary point of contact for executive communication during security events; deliver clear, concise incident briefings to SVP IT and senior leadership.
• Lead incident response activities for confirmed security events, coordinating investigation, containment, eradication, recovery, and post-incident review.
• Perform advanced threat analysis, log correlation, forensic triage, and root cause investigation across SIEM, EDR/XDR, email, identity, and cloud platforms.
• Own detection engineering: develop, tune, and maintain detection rules, correlation logic, and alerting thresholds to reduce noise and improve mean-time-to-detect (MTTD).
• Coordinate with external incident response partners, legal, and business leadership as needed during significant events.
• Maintain incident response plans and ensure alignment with NIST CSF and Hillwood’s risk framework.
• Own the IGA program operationally: manage the platform, define and maintain role-based access control (RBAC) models, entitlement catalogs, and access policies across Hillwood’s application and infrastructure landscape.
• Lead the design and execution of periodic access certification and recertification campaigns, ensuring compliance with audit requirements (ITGC, SOC 2, etc.).
• Manage joiner/mover/leaver (JML) automation workflows; identify gaps and drive continuous improvement in provisioning/de-provisioning accuracy and speed.
• Monitor and resolve IGA platform exceptions, including orphaned accounts, segregation of duties (SoD) violations, excessive privilege accumulations, and failed provisioning events.
• Serve as the functional owner for IGA vendor relationships and platform roadmap; coordinate with IT infrastructure on directory services, SSO, MFA, and Conditional Access integration.
• Ensure IGA controls satisfy NIST CSF requirements and support Hillwood’s Zero Trust architecture objectives.
• Produce IGA metrics and reporting for governance committees and audit evidence packages.
• Oversee the vulnerability management lifecycle: scanning, prioritization, remediation tracking, exception management, and reporting.
• Drive risk reduction initiatives across the environment, including security configuration hardening, attack surface reduction, and third-party risk assessment support.
• Lead phishing simulation programs and security awareness efforts in coordination with HR and communications.
• Support due diligence questionnaires and audit evidence requests, ensuring timely, accurate, and well-documented responses.
• Provide security architecture input on infrastructure, application, and cloud projects; ensure security is considered in design decisions.
• Evaluate and recommend security tools, platforms, and process improvements; manage proof-of-concept efforts and vendor assessments.
• Collaborate with the EDL/data team and IT infrastructure on log onboarding, data source integration, and security telemetry strategy.
• Support Conditional Access policy management, Intune/MDM security posture, and DLP/information protection initiatives.
• Represent the cyber function in governance forums, including the AI Steering Committee, vendor intake reviews, and data governance discussions.
• Maintain and report on NIST CSF maturity scores; own the cyber remediation roadmap and 90-day sprint planning.
• Build strong working relationships with division leaders, IT infrastructure, legal, HR, and external partners to align security operations with business priorities.
• Produce regular operational reporting (KPIs, incident trends, IGA metrics, vulnerability posture) for SVP IT and executive stakeholders.

Benefits

• Medical, dental, and vision insurance options
• Flexible Spending Accounts (FSA) or Health Savings Accounts (HSA) dependent on plan elections
• Paid time off, holidays, and floating holidays
• Paid parental and family caregiver leave
• Mental health and wellness resources
• Life insurance and disability coverage
• 401(k) retirement plan with company match
• Additional programs to support Associates and their families