Security Operations Center, Senior Manager

Summary

This leadership position works with senior leadership to establish goals and objectives of a large team, or multiple teams.

• Manages the activities of one or more teams of Digital professionals.
• Focuses on achieving the deliverables on-time and within budget.
• Employs service management and/or project management methodologies to deliver high quality work products.
• Attracts, retains and develops high quality staff.
• Establishes and maintains a work environment conducive to high performance.
• Addresses the training and professional development needs of the staff.
• Promotes and encourages a high-quality customer service experience for all customers - internal and external.
• Collaborates well with other teams and departments to produce results.
• May work with multiple vendors to assure delivery of contracted services and products.
• May engage in negotiations with vendors.
• Manages several medium to high complexity projects and/or services.

The Security Operations Center (SOC) Senior Manager is a senior cybersecurity professional responsible for the oversight of a 24/7 hybrid SOC team supporting a large healthcare enterprise. In this role, the SOC Senior Manager leads internal SOC analysts and coordinates with a Managed Security Service Provider (MSSP) to monitor, detect, and respond to cybersecurity threats around the clock. This position functions as a bridge between technical security operations and executive leadership, ensuring the organization's digital assets stay protected while translating complex security issues into business terms.

As the leader of an essential security function, the SOC Senior Manager has both operational and strategic responsibilities. This role requires technical mastery to support incident response, as well as deep experience in project management, organizational leadership, and strategic planning. The SOC Senior Manager ensures that security operations align with the NIST Cybersecurity Framework and comply with healthcare regulations such as HIPAA, driving continuous improvements to meet these frameworks.

This role reports to the Director of Security Operations and collaborates closely with other cybersecurity and IT leaders to integrate SOC activities with the broader security strategy.

• Provide day-to-day operational management of a 24/7 hybrid SOC. Oversee continuous security monitoring and incident response coverage for the enterprise, coordinating a team of internal analysts and MSSP resources to ensure threats are promptly detected, triaged, and addressed.
• Lead and develop the SOC team (Analysts, Threat Hunters, Incident Responders). Actively mentor and coach personnel across skill levels, establishing clear career paths and performance expectations, conducting regular evaluations, and fostering a high-performance culture.
• Govern and coordinate a Managed Security Service Provider (MSSP). Serve as the primary point of contact for the MSSP, overseeing their service delivery, monitoring Service Level Agreements (SLAs), and integrating their activities with internal SOC operations to maintain a seamless 24/7 defense.
• Supervise security monitoring, detection, triage, escalation, containment, and incident investigation. Ensure that SOC processes (from initial alert handling to incident closure) are executed efficiently and in accordance with established playbooks and escalation procedures, acting as an escalation point and incident commander during high-severity security incidents.
• Oversee and enhance security technologies. Manage and continuously improve the SOC technology stack—including platforms like SIEM, EDR, ticketing, SOAR, and cloud security controls in Azure, AWS, and GCP—to optimize threat detection and response capabilities.
• Ensure alignment with cybersecurity frameworks and healthcare regulations. Maintain SOC policies, procedures, and controls in alignment with the NIST Cybersecurity Framework and the HIPAA Security Rule, using these standards to guide incident response plans and security operations.
• Prepare documentation, dashboards, and executive-level reports. Develop and update comprehensive SOC documentation (procedures, playbooks, incident reports) and operational dashboards. Provide regular reports and briefings to executives on the organization's security posture, incident trends, and SOC performance against key objectives.
• Identify, track, and report operational metrics and KPIs. Define key performance indicators (e.g., alert volumes, response times, mean time to detect/recover) and use them to measure SOC effectiveness. Analyze and report on these metrics through monthly dashboards and presentations, driving accountability and continuous improvement.
• Collaborate with interdisciplinary teams (IT, Privacy, Compliance, Network, Clinical, etc.). Work closely with other departments and stakeholders to ensure coordinated security incident response and alignment of security measures with organizational needs.…