Cybersecurity Operations Manager

Vaco is partnering with a national retail organization to hire a Manager of Cybersecurity Operations to lead and mature core security operations programs across the enterprise. This is a hands-on leadership role overseeing SOC operations, vulnerability management, endpoint security, DLP, incident response, and security automation.

This role is ideal for a cybersecurity leader who can operate at both the program and technical execution level. The team needs someone who can manage internal security talent, hold external MSSP partners accountable, improve alert handling and escalation processes, and build repeatable capabilities around detection, response, reporting, and automation. The environment is collaborative, fast-moving, and highly cross-functional, requiring someone who can communicate clearly across IT, GRC, engineering, and business teams.

This position is based in Tempe, Arizona and requires onsite presence Monday through Thursday, with Fridays optional remote.

What You’ll Be Doing

• Manage and mature day-to-day SOC operations, including monitoring, alert triage, escalation, and incident response workflows
• Partner closely with an external MSSP to drive SLA accountability, improve alert quality, and ensure critical issues are escalated quickly
• Lead vulnerability management efforts across tools such as Rapid7, Defender, and related platforms, including prioritization, remediation tracking, and executive reporting
• Oversee endpoint security and management initiatives across Intune, Jamf, Defender, and related endpoint controls
• Drive improvements to SIEM and SOAR capabilities, including automation opportunities for level 1 response, alert enrichment, and repeatable playbooks
• Build and refine incident response processes, including playbooks, simulations, post-incident reviews, and lessons learned
• Partner with IT, GRC, engineering, and business stakeholders to improve security posture across the organization
• Support DLP strategy and monitoring to protect sensitive data across SaaS, cloud, and endpoint environments
• Use security metrics, scorecards, and framework alignment to communicate program maturity and areas for improvement
• Evaluate how AI can be used responsibly in security operations, including automation of response workflows and protection of AI-enabled systems
• Mentor and develop security team members while remaining hands-on with technical operations when needed
• Help define and operationalize security programs that reduce risk while supporting business velocity

Required Experience

• 6 or more years of experience in cybersecurity, information security operations, incident response, infrastructure, or related technical security roles
• Proven experience managing or leading SOC operations, either in a corporate environment or MSSP setting
• Strong understanding of the end-to-end incident response lifecycle, from alert intake through containment, remediation, and post-incident review
• Hands-on experience with cybersecurity technologies such as MDR, EDR, SIEM, SOAR, vulnerability management, and endpoint security tools
• Experience maturing vulnerability management programs, including risk prioritization, remediation coordination, and reporting
• Experience partnering with or managing MSSP relationships and holding vendors accountable to performance expectations
• Strong understanding of security frameworks and compliance considerations such as NIST, CIS Controls, PCI, SOX, and CCPA
• Ability to lead without authority and collaborate effectively across IT, engineering, GRC, and business teams
• Experience managing high-pressure incidents and making informed decisions under time-sensitive conditions
• Understanding of AI concepts and their impact on cybersecurity operations, including AI-enabled threats and secure use of AI tools
• Bachelor’s degree in a related field, or equivalent additional experience

Nice to Have

• CISM, CISSP, or similar security certification
• Experience with Rapid7, Microsoft Defender, Intune, Jamf, Workato, or comparable security and automation tools
• Experience building SOAR workflows or security automation playbooks
• Familiarity with cloud security controls across AWS, Azure, or GCP
• Experience in SaaS-heavy environments
• Experience with DLP program ownership or data protection initiatives
• Background supporting retail, consumer-facing, or high-growth business environments

Compensation & Benefits

• Salary range: $150,000 to $160,000 base, depending on experience
• Bonus potential and other financial incentives
• Comprehensive benefits package available

If you are a hands-on cybersecurity operations leader who can mature SOC processes, improve vulnerability and endpoint programs, and build practical automation across a growing security environment, we would welcome the opportunity to connect.

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan. Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filing for is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be otherwise assessed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.