What are the responsibilities and job description for the Manager of Cybersecurity Operations Center position at The Port Authority of New York & New Jersey?
Lead 24x7 CSOC operations, continuous monitoring, and incident response. Manage vendors and contract performance, and provide cybersecurity metrics and reporting to senior leadership. Reports to the CISO.
Key Responsibilities
- Oversee 24x7 CSOC operations, including continuous monitoring, alert triage, escalation, and threat hunting.
- Own CSOC vendor and staffing contract oversight; manage scope, schedule, budget, performance, SLAs/KPIs, and compliance with agency expectations.
- Establish, maintain, and exercise incident response capability aligned with the NIST Cybersecurity Risk Framework; serve as Incident Commander and coordinate cross-functional response through containment, remediation, and reporting.
- Develop and maintain incident response policies, procedures, playbooks, and services for business information and industrial control systems.
- Maintain policies, standards, and procedures supporting confidentiality, integrity, and availability of information systems.
- Manage threat intelligence: integrate external sources and internal findings; coordinate timely dissemination to stakeholders.
- Provide cyber risk assessment guidance to line departments (threat workshops; threat/risk scenarios).
- Serve as principal forensic technical investigator for cyber incidents; support cyber incident and cyber crime investigations with OIG and PAPD.
- Design and implement monitoring and response solutions; improve security operations using automation and analytics.
- Build and deliver cybersecurity metrics and reporting for senior leadership (operations, incidents, trends, and strategy effectiveness).
- Lead and develop the team; partner with HR to recruit, hire, and retain cybersecurity personnel as needed.
- Ensure operational compliance with applicable requirements (e.g., NIST, GDPR, HIPAA, PCI, FISMA) and support audits and assessments.
- Coordinate incident response with disaster recovery/business continuity teams; participate in tabletop exercises.
- Support vulnerability and risk management: assess, prioritize, remediate, and guide risk mitigation across the agency.
- Review technology changes for security impact; advise on security requirements and secure architecture/design.
- Stay current on emerging threats using threat intelligence sources, briefings, and industry forums.
Minimum Qualifications
- A minimum of 10 years of experience in managing a Cybersecurity Operations Center (CSOC) or a security operations team.
- Strong knowledge of the NIST Cybersecurity Framework, incident response, threat hunting, and risk management practices.
- Familiarity with SIEM platforms, IDS/IPS, endpoint protection, and other cybersecurity monitoring tools.
- Strong knowledge of the FEMA Incident Command System (ICS) and the ability to lead an ICS-based incident response.
- Experience in vendor management, contract negotiation, and performance monitoring.
- Strong leadership and interpersonal skills, with the ability to lead and motivate teams effectively.
- Excellent communication and presentation skills, with the ability to communicate complex security topics to non-technical stakeholders.
Desired Qualifications
- Certifications in the Incident Command System (ICS) are highly desirable.
- Professional certifications such as CISSP, CISM, CISA, or similar are highly desirable.
- Experience with incident response tools, forensic investigation techniques, and malware analysis.