Senior Manager IT - Security Operations

Job Description

Job Description

The Senior IT Manager - Security Operations will report directly to the Sr. Director of Information Security and is responsible for overseeing, maturing, and operating the end‐to‐end Cyber Defense function. In this leadership role, you will direct the strategy, people, processes, and technologies responsible for threat detection, incident response, cyber threat intelligence, and security monitoring across on‐premises, cloud, SaaS, and OT environments. You will manage internal Cyber Defense analysts while governing our managed security service providers to ensure 24×7 protection, rapid response, reliable detection content, and continuous improvement of defensive capabilities. This role requires strong technical depth, excellent leadership presence, and the ability to drive measurable security outcomes across a highly distributed enterprise. You will partner closely with Infrastructure, Networking, Cloud, IAM, Applications, and business stakeholders to ensure our cyber defense posture meets industry standards and supports RCP’s strategic goals.

Cyber Defense Strategy & Program Leadership

• Develop and execute a Cyber Defense strategy covering detection, response, threat hunting, threat intelligence, cloud/identity security, and network/endpoint telemetry.
• Build and maintain a multi‐year roadmap for capabilities, tooling, automation, and maturity evolution.
• Establish measurable goals, KPIs, and operational metrics for the Cyber Defense program.

Team Leadership & Talent Development

• Lead, mentor, and develop Cyber Defense analysts and engineers.
• Oversee team performance, coaching, workload balance, career development, and succession planning.
• Build a strong culture of operational excellence, readiness, and continuous learning.
  

Threat Detection & Engineering

• Own the full lifecycle of detection engineering: backlog management, design, development, testing, deployment, tuning, and retirement of use cases.
• Maintain detection coverage mapped to frameworks such as MITRE ATT&CK, NIST CSF, and relevant threat models.
• Ensure onboarding, validation, and maintenance of log sources for SIEM, EDR, cloud, identity, network, OT, and SaaS platforms.
• Drive quality of alerts through false‐positive reduction, noise suppression, and telemetry enrichment.

Security Operations & Incident Response

• Serve as Incident Commander for high‐severity cyber incidents, directing technical response, triage, containment, and eradication activities.
• Lead executive communications, regulatory notifications (as needed), RCAs, and post‐incident remediation governance.
• Ensure IR plans, playbooks, tabletop exercises, and runbooks remain current, tested, and effective.

MSSP & SOC Governance

• Govern managed SOC(s) and related MDR/EDR service providers to ensure SLA/SLO compliance, detection accuracy, timely escalations, and service improvements.
• Lead weekly operational reviews and monthly/quarterly business reviews with MSSP partners.
• Validate tuning, content development, automation, detection gaps, and service recommendations.

Security Technology Ownership

• Serve as product owner for SIEM, EDR, SOAR, cloud security monitoring, digital forensics tools, and threat intelligence platforms.

Drive engineering oversight for:

• SIEM operations and architecture
• Endpoint detection and response
• SOAR playbooks and automation
• Cloud and identity security telemetry (Azure, AWS, M365, Entra ID/PIM)
• OT/ICS visibility tooling
• Lead major platform upgrades, migrations, and evaluations (e.g., SIEM modernization initiatives).

Cloud, Identity & SaaS Defense

• Oversee development and tuning of detections for cloud workloads, identity systems, OAuth/App Consent abuse, MFA anomalies, and SaaS platforms.
• Ensure protection and monitoring across multi‐cloud/hybrid environments with secure configuration baselines and telemetry

Qualifications

• Bachelor’s degree in Computer Science or similar area of study, or a directly related field with 10 or more years of work experience.
• 8+ years of work experience leading Cyber Defense Management.
• Exceptional ability to assess and communicate information security concepts and practices with both business and IT stakeholders.
• Prior experience supporting hybrid multi-cloud environments, including SaaS, PaaS, IaaS, and on-premises solutions.
• Proven experience in design, implementation, and operations of a cyber-defense program with heavy leverage of managed security service provider(s).
• Working knowledge of MITRE ATT&CK, NIST CSF, ISO 2700x and COBIT frameworks/standards in relation to a cyber-defense program.
• Ability to travel 5%.

Plus:

• ClSSP, CISA or Cloud security certification.

Company DescriptionWe care about the success of each member of out team! We strive for long lasting partnerships where you can grow and expand your career.

Company Description

We care about the success of each member of out team! We strive for long lasting partnerships where you can grow and expand your career.