Manager of Cybersecurity Operations
Hillwood · Dallas, TX · 6 days ago
On-siteManufacturingFull-time
Cyber Operations Leadership and Team Management
- Serve as the operational leader of the cyber function, managing daily priorities, workload distribution, and team performance across monitoring, incident response, identity governance, and risk reduction workstreams.
- Mentor and develop junior analysts; set clear expectations, conduct regular 1:1s, provide technical coaching, and support career development plans.
- Establish and maintain cyber operations playbooks, runbooks, SLAs, and escalation procedures; drive continuous improvement through lessons learned and metrics review.
- Manage the on-call rotation and ensure 24/7 coverage models are sustainable and effective.
- Serve as the primary point of contact for executive communication during security events; deliver clear, concise incident briefings to SVP IT and senior leadership.
Cybersecurity Monitoring, Detection & Incident Response
- Lead incident response activities for confirmed security events, coordinating investigation, containment, eradication, recovery, and post-incident review.
- Perform advanced threat analysis, log correlation, forensic triage, and root cause investigation across SIEM, EDR/XDR, email, identity, and cloud platforms.
- Own detection engineering: develop, tune, and maintain detection rules, correlation logic, and alerting thresholds to reduce noise and improve mean-time-to-detect (MTTD).
- Coordinate with external incident response partners, legal, and business leadership as needed during significant events.
- Maintain incident response plans and ensure alignment with NIST CSF and Hillwood’s risk framework.
Identity Governance & Administration (IGA)
- Own the IGA program operationally: manage the platform, define and maintain role-based access control (RBAC) models, entitlement catalogs, and access policies across Hillwood’s application and infrastructure landscape.
- Lead the design and execution of periodic access certification and recertification campaigns, ensuring compliance with audit requirements (ITGC, SOC 2, etc.).
- Manage joiner/mover/leaver (JML) automation workflows; identify gaps and drive continuous improvement in provisioning/de-provisioning accuracy and speed.
- Monitor and resolve IGA platform exceptions, including orphaned accounts, segregation of duties (SoD) violations, excessive privilege accumulations, and failed provisioning events.
- Serve as the functional owner for IGA vendor relationships and platform roadmap; coordinate with IT infrastructure on directory services, SSO, MFA, and Conditional Access integration.
- Ensure IGA controls satisfy NIST CSF requirements and support Hillwood’s Zero Trust architecture objectives.
- Produce IGA metrics and reporting for governance committees and audit evidence packages.
Vulnerability Management & Risk Reduction
- Oversee the vulnerability management lifecycle: scanning, prioritization, remediation tracking, exception management, and reporting.
- Drive risk reduction initiatives across the environment, including security configuration hardening, attack surface reduction, and third-party risk assessment support.
- Lead phishing simulation programs and security awareness efforts in coordination with HR and communications.
- Support due diligence questionnaires and audit evidence requests, ensuring timely, accurate, and well-documented responses.
Security Architecture & Engineering Guidance
- Provide security architecture input on infrastructure, application, and cloud projects; ensure security is considered in design decisions.
- Evaluate and recommend security tools, platforms, and process improvements; manage proof-of-concept efforts and vendor assessments.
- Collaborate with the EDL/data team and IT infrastructure on log onboarding, data source integration, and security telemetry strategy.
- Support Conditional Access policy management, Intune/MDM security posture, and DLP/information protection initiatives.
Governance, Compliance & Stakeholder Engagement
- Represent the cyber function in governance forums, including the AI Steering Committee, vendor intake reviews, and data governance discussions.
- Maintain and report on NIST CSF maturity scores; own the cyber remediation roadmap and 90-day sprint planning.
- Build strong working relationships with division leaders, IT infrastructure, legal, HR, and external partners to align security operations with business priorities.
- Produce regular operational reporting (KPIs, incident trends, IGA metrics, vulnerability posture) for SVP IT and executive stakeholders.