Cybersecurity Operations Manager

Vaco is partnering with a national retail organization to hire a Manager of Cybersecurity Operations to lead and mature core security operations programs across the enterprise. This is a hands-on leadership role overseeing SOC operations, vulnerability management, endpoint security, DLP, incident response, and security automation.

This role is ideal for a cybersecurity leader who can operate at both the program and technical execution level. The team needs someone who can manage internal security talent, hold external MSSP partners accountable, improve alert handling and escalation processes, and build repeatable capabilities around detection, response, reporting, and automation. The environment is collaborative, fast-moving, and highly cross-functional, requiring someone who can communicate clearly across IT, GRC, engineering, and business teams.

This position is based in Tempe, Arizona and requires onsite presence Monday through Thursday, with Fridays optional remote.

• Manage and mature day-to-day SOC operations, including monitoring, alert triage, escalation, and incident response workflows
• Partner closely with an external MSSP to drive SLA accountability, improve alert quality, and ensure critical issues are escalated quickly
• Lead vulnerability management efforts across tools such as Rapid7, Defender, and related platforms, including prioritization, remediation tracking, and executive reporting
• Oversee endpoint security and management initiatives across Intune, Jamf, Defender, and related endpoint controls
• Drive improvements to SIEM and SOAR capabilities, including automation opportunities for level 1 response, alert enrichment, and repeatable playbooks
• Build and refine incident response processes, including playbooks, simulations, post-incident reviews, and lessons learned
• Partner with IT, GRC, engineering, and business stakeholders to improve security posture across the organization
• Support DLP strategy and monitoring to protect sensitive data across SaaS, cloud, and endpoint environments
• Use security metrics, scorecards, and framework alignment to communicate program maturity and areas for improvement
• Evaluate how AI can be used responsibly in security operations, including automation of response workflows and protection of AI-enabled systems
• Mentor and develop security team members while remaining hands-on with technical operations when needed
• Help define and operationalize security programs that reduce risk while supporting business velocity

• 6 or more years of experience in cybersecurity, information security operations, incident response, infrastructure, or related technical security roles
• Proven experience managing or leading SOC operations, either in a corporate environment or MSSP setting
• Strong understanding of the end-to-end incident response lifecycle, from alert intake through containment, remediation, and post-incident review
• Hands-on experience with cybersecurity technologies such as MDR, EDR, SIEM, SOAR, vulnerability management, and endpoint security tools
• Experience maturing vulnerability management programs, including risk prioritization, remediation coordination, and reporting
• Experience partnering with or managing MSSP relationships and holding vendors accountable to performance expectations
• Strong understanding of security frameworks and compliance considerations such as NIST, CIS Controls, PCI, SOX, and CCPA
• Ability to lead without authority and collaborate effectively across IT, engineering, GRC, and business teams
• Experience managing high-pressure incidents and making informed decisions under time-sensitive conditions
• Understanding of AI concepts and their impact on cybersecurity operations, including AI-enabled threats and secure use of AI tools
• Bachelor's degree in a related field, or equivalent additional experience

• CISM, CISSP, or similar security certification
• Experience with Rapid7, Microsoft Defender, Intune, Jamf, Workato, or comparable security and automation tools
• Experience building SOAR workflows or security automation playbooks
• Familiarity with cloud security controls across AWS, Azure, or GCP
• Experience in SaaS-heavy environments
• Experience with DLP program ownership or data protection initiatives
• Background supporting retail, consumer-facing, or high-growth business environments

• Salary range: $150,000 to $160,000 base, depending on experience
• Bonus potential and other financial incentives
• Comprehensive benefits package available

If you are a hands-on cybersecurity operations leader who can mature SOC processes, improve vulnerability and endpoint programs, and build practical automation across a growing security environment, we would welcome the opportunity to connect.