Manager, Cybersecurity Operations
About the role
The Manager, Cybersecurity Operations owns day-to-day security operations and incident response, with a strong focus on Microsoft Azure, Microsoft 365 (including Defender, Purview, DLP, and IRM), and key SaaS platforms. This role provides both strategic and hands-on leadership for the security operations team and is accountable for the effectiveness and maturity of security operations in support of the company's risk management and compliance programs.
Responsibilities
- Lead the security operations function, including monitoring, triage, and response for alerts across Azure, Microsoft 365, Windows 365, endpoints, identity, email, and core SaaS applications.
- Direct and coordinate Managed Detection and Response (MDR) and SOC partners, ensuring clear runbooks, effective SLAs, and high-quality investigations and escalations.
- Manage and coach the security operations team, partnering with Infrastructure, Applications, Legal, Compliance, and business leaders to embed security into day-to-day processes.
- Establish a healthy check and balance between IT and cybersecurity so IT focuses on delivery and operations while cybersecurity independently governs, monitors, and enforces controls across the environment.
- Develop, maintain, and continuously improve runbooks and standard operating procedures for common security events and operational tasks.
- Oversee root cause analysis, basic forensics, and threat hunting activities across identity, email, endpoint, and cloud workloads.
- Drive incident lifecycle management: tracking metrics, trends, remediation progress, and lessons learned for technology and business leadership.
- Support protection of "crown jewel" assets through data classification, conditional access, and policy enforcement across Microsoft 365 and key business systems.
- Partner in governance activities, including GRC platform administration, NIST-based control assessments, InfoSec steering committee inputs, and security improvement tracking.
- Perform vendor cybersecurity due diligence (e.g., security questionnaires, DDQs, monitoring enrollment) and manage third-party risk operations in partnership with Procurement and Legal.
- Maintain an accurate inventory of security-relevant assets (devices, SaaS applications, privileged accounts) to support monitoring, access control, and vulnerability management.
- Contribute to security awareness efforts, including annual training, Cybersecurity Awareness Month activities, and targeted campaigns.
- Partner with the Director of Infrastructure and Security on KPIs, operational risk metrics, and budget planning for tools, services, and managed partners.
- Identify and recommend opportunities to automate and streamline security operations and system administration.
Qualifications
- Bachelor’s degree in computer science, information systems, cybersecurity, or equivalent experience; 5+ years of progressive cybersecurity experience with demonstrated leadership responsibility.
- Hands-on experience with IAM, SIEM, and vulnerability management tools, ideally in a Microsoft-centric environment (Azure AD/Entra ID, Microsoft 365, Defender suite).
- Strong understanding of cybersecurity frameworks and controls (e.g., NIST CSF, ISO 27001, CIS) and their application in day-to-day operations and governance.
- Proven ability to lead incident response, coordinate cross-functional stakeholders, and communicate clearly with technical and non-technical audiences.
- Demonstrated skills in team leadership, collaboration, project management, and written and verbal communication; strong attention to detail and adaptability in a fast-changing environment.
Skills
- Hands-on experience with IAM, SIEM, and vulnerability management tools, ideally in a Microsoft-centric environment (Azure AD/Entra ID, Microsoft 365, Defender suite).
- Strong understanding of cybersecurity frameworks and controls (e.g., NIST CSF, ISO 27001, CIS) and their application in day-to-day operations and governance.
- Proven ability to lead incident response, coordinate cross-functional stakeholders, and communicate clearly with technical and non-technical audiences.
- Demonstrated skills in team leadership, collaboration, project management, and written and verbal communication; strong attention to detail and adaptability in a fast-changing environment.
Pay
The anticipated base salary range for this position is $120,000 to $165,000.
Schedule
This is a hybrid position based in Xeris' Chicago office. A minimum of three days per week in the office is required. On-site requirement may change at management's discretion. Position may require periodic evening and weekend work, as necessary to fulfill obligations. Periodic overnight travel.