Senior Manager, Security Operations

As a key leader within the Information Security organization, the Security Operations Manager is responsible for overseeing day?to?day security operations and ensuring the effective detection, investigation, containment, and remediation of cyber threats impacting the enterprise. This role manages a team of analysts, drives operational readiness, and strengthens the organization’s security posture through continuous improvement, technical

leadership, and cross?department collaboration.

The Security Operations Manager must be capable of operating independently,

demonstrating advanced critical?thinking skills, strong analytical capabilities, sound

judgment under pressure, and the ability to comprehend and address complex technical and organizational challenges without relying solely on predefined checklists or prescriptive

workflows.

Responsibilities listed below represent the minimum expectations for this role. Additional duties may be assigned as necessary to support business, regulatory, or operational objectives.

Essential Duties And Responsibilities

Security Operations Leadership

• Oversee day?to?day SOC operations across cloud, on?premises, endpoint, and application
  
  

environments.

• Provide technical direction and operational leadership to SOC analysts.
• Ensure all security events and incidents are managed consistently, accurately, and in
  
  

alignment with organizational priorities.

Team Management & Development

• Lead, mentor, and coach SOC analysts to support skill development, analytical capability,
  
  

and operational maturity.

• Assist in performance evaluations, guide career progression, and foster a culture of
  
  

accountability and high performance.

• Establish expectations for independent analysis, strong reasoning, and effective
  
  

decision?making by team members.

Incident Response Ownership

• Direct and coordinate incident response activities, including investigation, containment,
  
  

and remediation.

• Provide real?time guidance to analysts during high?severity incidents and ensure timely,
  
  

well?documented resolution.

• Serve as an escalation point for complex investigations or ambiguous threat scenarios
  
  

requiring executive decision?making.

Threat Detection, Monitoring & Analysis

• Evaluate and enhance detection coverage, analytic depth, and SOC visibility.
• Partner with threat intelligence, engineering, and architecture teams to refine detection
  
  

logic and improve response capability.

• Ensure SOC maintains awareness of emerging threats and incorporates relevant
  
  

intelligence into operations.

Cross?Functional Collaboration

• Coordinate with IT Infrastructure, Networking, Application, Clinical, and Cybersecurity
  
  

Architecture teams to support remediation activities.

• Collaborate closely with Compliance and HR during internal investigations requiring log
  
  

analysis, evidence gathering, or technical validation.

• Support audit engagements, including SOC2 and regulatory requirements (e.g., HIPAA,
  
  

NIST CSF), by providing evidence, insights, and technical expertise.

Process, Playbooks & Documentation

• Develop, maintain, and continuously improve SOC playbooks, incident response
  
  

procedures, and operational documentation.

• Identify and eliminate operational bottlenecks, introducing process efficiencies based on
  
  

experience and analytical insight.

Technology Ownership & Optimization

• Oversee SOC technologies including SIEM, EDR/XDR, SOAR, threat intelligence platforms,
  
  

and related detection or investigation tooling.

• Ensure platform configurations, alerting logic, and integrations remain optimized for
  
  

accuracy, visibility, and speed.

Analytics, Reporting & Metrics

• Track SOC KPIs and operational metrics to effectively communicate security posture,
  
  

incident volume, and response effectiveness.

• Deliver concise, executive?ready reporting on incidents, trends, risks, and opportunities
  
  

for improvement.

AI?Enablement & Automation Integration

• Identify opportunities to leverage AI and automation to improve SOC efficiency, reduce
  
  

manual workload, and strengthen response capability.

• Explicit leadership of AI?driven security solutions and responsible AI governance
  
  

(frameworks, adoption, alignment with ERM/compliance).

• Partner with engineering teams to integrate automation into investigation and response
  
  

workflows.

On?Call Requirement & After?Hours Support

• Participation in the on?call rotation as needed by operational needs.
• Incident response and CSIRT activation may require engagement during evenings, nights,
  
  

weekends, or holidays.

• Maintain readiness to support critical and high?severity incidents requiring immediate
  
  

leadership involvement.

• Participation and engagement in tabletop exercises and risk assessments
  
  

Additional Duties

• Penetration testing participation (internal/external; cloud/mobile/app) with third-party
  
  

vendors

• Cloud security strategy definition and execution (posture management, tenant onboarding,
  
  

compliance alignment).

• Authoring enablement documentation for assessments and platform integrations.
• Additional responsibilities may be assigned as necessary based on evolving technologies,
  
  

threats, business needs, or regulatory requirements.

Qualifications / Requirements

Education & Experience

• Bachelor’s degree preferred in computer science, information systems, cybersecurity, or a
  
  

related field.

• 7 years of professional experience in cybersecurity, with at least 4 years of experience in
  
  

security operations.

• Experience leading or mentoring SOC analysts or incident responders.
  
  

Technical & Professional Competencies

• Strong expertise in security operations, incident response, threat detection, and
  
  

investigative methodologies.

• Skilled with SOC technologies such as SIEM, EDR/XDR, SOAR, and threat intelligence
  
  

platforms.

• Familiarity with cloud security principles, vulnerability management programs, and
  
  

enterprise security controls.

• Foundational scripting or automation experience preferred.
• Strong communication skills with the ability to convey complex technical scenarios clearly.
• Ability to operate independently and make informed decisions under pressure.
• High level of integrity, analytical capability, and situational awareness.
  
  

KEY COLLABORATORS

• Security Operations Center (SOC) Team
• Cybersecurity Architecture
• IT Infrastructure & Networking
• Compliance, Privacy, & Audit
• Business Solutions and Application Teams
• Legal
• HR
  
  

Supervisory Responsibilities

• Direct supervision of SOC analysts.
  
  

Budgetary Responsibilities

• May assist with vendor coordination, renewals, and SOC technology recommendations.