Information Security SOC Manager

DMBA provides a variety of benefits including health, life, and retirement to employees of the Church of Jesus Christ of Latter-day Saints and its affiliates. DMBA began operations in 1970 and is now in its 55th year of supporting the Church of Jesus Christ of Latter-day Saints and its mission.

Position Summary:

DMBA is looking for an Information Security SOC Manager to join the Information Security Team. The Information Security Team reports to the Chief Technology Officer and is responsible for the Information security program. This role will oversee the implementation, performance, and management of the security operations center as well as the identity and access management team.

Responsibilities:

• Oversee the day-to-day operations of the security operations center including baselining, performance metrics, reporting, team development, tool evaluation, and incident investigation and escalation
• Oversee the day-to-day operations of the identity and access management strategy including performance metrics, reporting, team development, tool evaluation, and other identity governance initiatives
• Maintain and optimize SIEM, SOAR, EDR, and vulnerability management tools
• Develop, test, and refine incident response playbooks and escalation procedures
• Drive threat hunting, intelligence integration, and proactive detection initiatives
• Participate in the selection of new technologies and solutions to address gaps in the SOC and IAM strategy
• Partner with IT and business teams to implement various security technologies in alignment with a multi-year information security framework
• Oversee IAM lifecycle processes including provisioning, de-provisioning, role-based access control (RBAC), privileged access management (PAM), and multi-factor authentication (MFA)
• Ensure compliance with identity governance policies and regulatory frameworks (HIPAA, HITRUST, SOC 2, NIST, ISO 27001)
• Partner with HR, IT, and application owners to streamline identity processes and enforce least privilege and zero-trust principles
• Manage IAM platforms (e.g., Microsoft Entra, Okta, CrowdStrike Identity Threat Protection, CyberArk, etc.) and support integration with enterprise applications
• Lead various security initiatives and projects to address gaps and continuously improve security operations
• Support the development of policy, risk management, and compliance requirements by applying technical expertise
• Evaluate and consult with IT and business teams on new and emergent technologies to support innovation while appropriately managing risk
• Review latest threat intelligence for emergent threat actors and vectors to improve and respond to imminent threats
• Lead, mentor, and develop a team of SOC analysts/engineers and IAM engineers
• Collaborate with compliance, risk, and IT teams to ensure security operations and identity practices meet audit and regulatory requirements
• Contribute to strategic planning for security architecture, risk management, and zero-trust initiatives
• Provide executive reporting on security posture, IAM metrics, and incident response readiness
• Prioritize team tasks and evaluate the performance of team members, tooling, and operational efficiency
• Be an active participant in building the Information security program by evaluating and suggesting new solutions and ideas and championing the information security program

Qualifications and Experience:

• 4-year Bachelor's degree or Master's degree (preferred)
• 7-10 years of technical IT and information security experience
• 1-3 years of technical leadership or mentoring experience
• CISM, GIAC, CISSP, OSCP, Microsoft Engineer, Microsoft Architect, AWS Security, or equivalent information security training and expertise
• Strong understanding of information security best practices and security frameworks (NIST CSF, ISO 27001, ISO27005, CIS Controls, HITRUST, etc.)
• Experience with HIPAA, DOL Information security best practices, international, federal, and state privacy laws
• Deep knowledge of databases, common operating systems (Windows/Linux), networking, application, and cloud environments
• Deep knowledge of security solutions (SIEM, SOAR, Firewall, WAF, Vulnerability Scanning, XDR, endpoint, PAM, etc.)
• Experience with Microsoft 365, Palo Alto, AWS, and other common platforms and technologies
• Experience with multi-year control framework implementations

Other Qualifications:

• Ability to work with various IT and Business teams to address sensitive topics and risk
• Strong management and business communication skills
• Deep technical understanding and ability to apply it to complex technical and business solutions
• Expertise in project management and prioritization
• Strong collaboration and team development skills
• Highly motivated team player with a desire to improve the information security program
• Work in a hybrid remote work and office work environment

What We Offer:

• Competitive pay
• Rich medical, vision and dental benefits with low premiums. One of the top health plans in Utah
• Rich retirement planning: including 401(k) company match, 8% EDRC Employer Discretionary Retirement Contribution (we just give you free money for retirement), life insurance, and full service Financial Planners onsite at no cost
• Generous paid leave plan that starts accruing your first day, your birthday off, additional sick leave and 12 paid holidays
• Award winning wellness program with health coaching, ability to earn 3 additional days off a year, fun activities and an onsite gym.
• Tuition reimbursement
• Career development through company sponsored programs and over 5000 on-demand online training courses.
• Hybrid work schedules available depending on position
• Employee Assistance Program