Manager of Cybersecurity Operations Center
Listed on 2026-03-01
IT/Tech
Cybersecurity, IT Project Manager, IT Consultant, Information Security
The Cybersecurity Operations Center Manager is responsible for overseeing the day-to-day operations of the Cybersecurity Operations Center (CSOC), managing vendor performance, and ensuring compliance with agency cybersecurity policies and contractual obligations.
This role involves developing and executing continuous monitoring programs, leading incident response efforts, and optimizing security operations through automation and improved processes. The CSOC Manager will also ensure the effective integration of security monitoring tools and provide regular cybersecurity metrics and reporting to senior leadership.
Position within the Organization:
Reporting to the Chief Information Security Officer (CISO), the CSOC Manager will lead the CSOC team, collaborate with internal stakeholders and external vendors, and ensure the organization’s cybersecurity operations are aligned with best practices, regulatory requirements, and the overall security strategy.
- Provide contract management and supervision for the operations of the 24 x 7 Cyber Security Operations Center (CSOC) to ensure compliance with agency expectations.
- Ensure that the staffing contractor adheres to the scope of work, delivering services on schedule and within budget.
- Maintain the currency of policies, procedures, standards, and playbooks used to deliver services necessary for continuous monitoring of the organization's information and operating technology systems.
- Focus on protecting the confidentiality, integrity, and availability of information systems.
- Oversee third-party Cybersecurity Operations Center (CSOC) vendor performance to ensure SLAs and KPIs are met.
- Develop and execute the continuous monitoring program, aligning with the NIST Cybersecurity Framework.
- Establish, maintain, and exercise an enterprise-wide 24x7 incident response capability.
- Develop incident response policies, procedures, and services to investigate and contain cyber incidents impacting business information and industrial control systems.
- Ensure incident response capability aligns with the NIST Cybersecurity Risk Framework.
- Provide guidance to line department staff performing cyber risk assessments, including threat workshops, threat scenarios, and risk scenarios.
- Serve as the principal forensic technical investigator for cyber incidents.
- Design and implement solutions for monitoring and responding to cyber threats and incidents.
- Establish operational relationships with the Office of the Inspector General (OIG) for investigating cyber incidents.
- Establish operational relationships with PAPD for investigating cyber crime that occurs outside of the area of responsibility of the OIG.
- Manage vendor relationships to ensure services align with agency requirements and industry best practices.
- Conduct reviews, audits, and identify areas for improvement while ensuring compliance with contractual obligations.
- Develop and manage threat intelligence programs, integrating external threat intelligence sources and internal findings.
- Collaborate with government agencies, industry groups, and private-sector organizations to stay informed about emerging threats and vulnerabilities.
- Ensure effective sharing and dissemination of relevant threat intelligence within the organization.
- Continuously evaluate and improve security operations, leveraging automation tools to enhance threat detection, incident response, and operational efficiency.
- Identify opportunities for process optimization through automation and advanced analytics.
- Ensure proper integration of security monitoring tools (SIEM, IDS/IPS, Endpoint Detection and Response, etc.) to identify threats and vulnerabilities across the environment.
- Monitor, review, and validate cyber alerts to assess the level of risk, ensuring timely detection and escalation.
- Proactively look for emerging threats throughout the environment.
- Develop and implement reporting frameworks to track key cybersecurity metrics (incident response times, threats detected, vulnerabilities, etc.).
- Provide regular reports to senior leadership on the status of cybersecurity operations, incidents, trends, and effectiveness of strategies.
- Lead and mentor internal cybersecurity staff, ensuring high levels of skill development, training, and career progression.
- Work with HR to recruit, hire, and retain skilled cybersecurity personnel as needed.
- Foster a culture of cybersecurity awareness, collaboration, and continuous improvement.
- Ensure…