Senior Manager, Security Operations

Mallinckrodt Pharmaceuticals
Bridgewater, NJ
3d | $185,000 - $205,000 | Hybrid

About The Position

As a member of Keenova’s IT Security department and under the supervision of the CISO, the Senior Manager, Security Operations is responsible for the strategy, roadmap, and day-to-day execution of Keenova’s security operations capabilities. This role ensures consistent service delivery, measurable outcomes, and continuous improvement across incident response, security monitoring and detection, threat management, endpoint/host security, data loss prevention, and vulnerability and exposure management. The Senior Manager leads the design, implementation, and operational support of security solutions (applications and services), controls, policies, and procedures that protect Company data and assets, and advises management on notable threats, risks, and incidents. Responsible for the global IT security operations of the Company, which includes management and oversight of a significant third-party provider. Ensures 24/7/365 coverage for incident response, detection, and recovery, and is accountable for ensuring and following escalation paths and providing incident communications to appropriate Senior Leaders within the Company. Serves as a strategic advisor to influence outcomes and build top-performing programs, collaborating with internal stakeholders and working with advanced technologies.

Requirements

  • Bachelor’s degree or advanced degree preferred; professional security management certification preferred (e.g., CISSP, CISM, CISA, or similar).
  • 10+ years of experience in cybersecurity, including 5+ years of direct experience in security operations (e.g., SIEM, IDS/IPS, network security, email security, endpoint security, vulnerability management, and incident response).
  • 5+ years of management/leadership experience, including managing people, projects, budgets, vendors, and operational processes.
  • Experience with SOC models and operations, including use-case development, alert tuning, and incident escalation practices.
  • Experience with vendor management, including contract negotiations, service delivery oversight, and maximizing the use of third-party resources (e.g., MDR/MSSP).
  • Experience in ITIL, including change management principles and practices.
  • Experience with gap assessments, penetration testing approaches, and patch/vulnerability remediation coordination.
  • Experience with modern security tools across key domains (SIEM, EDR, MDR, EASM, network defense, vulnerability scanning, encryption, and cloud security).
  • Knowledge of regulations, frameworks, and standards, including NIST, ITIL, GDPR, ISO/IEC 27001, and common industry control frameworks.
  • Knowledge of SOC operations and security monitoring concepts, including detection engineering, log management, and coverage mapping (e.g., MITRE ATT&CK).
  • Knowledge of endpoint, network, email, identity, and cloud security domains, and security-related tools such as EDR, IDS/IPS, anti-malware, patch management, baselining, SIEM, access control, and firewalls.
  • Incident response leadership, including triage, containment, eradication, recovery, communications, and post-incident reviews; familiarity with forensics fundamentals.
  • Threat mitigation strategies and threat intelligence consumption, including practical application to detection and response.
  • Security groups, consortiums, and related networking forums and services.
  • Strong ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from senior leaders to technical specialists.
  • Strong critical analysis and problem-solving skills, including diagnosing, troubleshooting, and recommending solutions.
  • Ability to manage multiple time-sensitive priorities without diminished effectiveness.
  • Ability to determine and apply the root cause of security events.
  • Understanding and knowledge of industry best practice methodologies.
  • Highly developed organizational and management skills.

Nice To Haves

  • Pharmaceutical industry experience strongly desired.

Responsibilities

  • Oversee day-to-day security operations execution, including incident detection, investigation, response, and recovery, with clear escalation paths and incident communications.
  • Define and maintain the security operations operating model (coverage, on-call rotations, severity taxonomy, runbooks/playbooks, and stakeholder communications) to ensure repeatable execution.
  • Own and regularly exercise incident response playbooks (e.g., ransomware, business email compromise, insider threat, cloud compromise), including tabletop exercises and after-action reviews.
  • Lead security monitoring and detection engineering (log onboarding, alert tuning, false-positive reduction, and coverage mapping such as MITRE ATT&CK).
  • Implement and govern risk-based vulnerability and exposure management (prioritization, remediation SLAs, exception/risk acceptance, and reporting to technology owners and leadership).
  • Lead engineering and operational support of IT security solutions, tools, and systems (e.g., SIEM, EDR, email security, IAM-related monitoring, network security monitoring, DLP, vulnerability scanning).
  • Manage performance and outcomes for security operations vendors and service providers (e.g., MDR/MSSP), including SLAs, runbooks, escalations, and continuous service improvement.
  • Develop and report security operations metrics and dashboards (e.g., MTTD/MTTR, alert fidelity, vulnerability SLA performance) and present trends, risks, and improvement plans to stakeholders.
  • Drive security operations automation and workflow integration (ticketing, enrichment, containment actions where appropriate) to improve consistency, scalability, and response speed.
  • Perform and/or oversee security testing of applications, networks, and infrastructure (vulnerability assessments, penetration testing coordination, and validation of remediation).
  • Support development and operation of data loss prevention (DLP) strategies and tooling; partner with Legal/Privacy on data handling requirements.
  • Contribute to and coordinate audit and regulatory support efforts with internal and external auditors; create and manage responses to security reports, notifications, and alerts.
  • Implement solutions observing compliance and control requirements (e.g., SOX, privacy laws, and applicable security standards) and drive continuous improvement of policies, procedures, and control effectiveness.
  • Manage and develop information security operations staff and/or service partners through goal setting, mentoring, and career development; lead cross-functional security projects.
  • Maintain a broad knowledge of current and emerging threats, technologies, architectures, and products; identify opportunities to enhance threat intelligence coverage and monitoring capabilities.