Cybersecurity Practice Manager

Cybersecurity Practice Manager

The Cybersecurity Practice Manager is responsible for the leadership, performance, standards, and operational maturity of the cybersecurity function within Central Services. This role owns the people, processes, tooling, service quality, and strategic direction of managed cybersecurity services delivered across the client base. This position ensures that the Cyber team operates proactively, consistently, and at scale across all managed environments. The Manager oversees SIEM and SOC operating standards, third-party security partner coordination, escalation quality, client risk visibility, compliance support readiness, platform governance, reporting, and continuous improvement of the security service offering. In addition to leading the department, this role also serves as the technical lead and primary security operator. The Manager is accountable for both day-to-day execution and long-term development of the cybersecurity function, ensuring the team delivers consistent, high-quality security outcomes for clients.

Key Responsibilities

Department Leadership & Operational Ownership

• Lead and manage the cybersecurity department, including day-to-day oversight of priorities, workload distribution, service quality, escalation discipline, and overall team performance
• Establish and maintain departmental standards for proactive security management, incident response, vulnerability management, client communication, documentation, and reporting
• Own the cybersecurity department scorecard, including KPIs, service delivery trends, backlog health, SLA adherence, documentation compliance, and client risk visibility
• Ensure the team is operating with clear accountability, proper follow-through, and consistency across all recurring cyber functions
• Monitor department capacity and staffing needs, making recommendations for role changes, hiring, training, and resource allocation as service demand evolves
• Lead the operating cadence for the department, including team meetings, one-on-ones, KPI review, issue escalation review, root cause discussions, and continuous improvement planning

Team Management, Coaching & Accountability

• Directly manage Cyber team members, including performance expectations, coaching, development planning, quarterly reviews, and accountability conversations
• Create clear role expectations and measurable standards for each team member related to execution, quality, documentation, communication, and ownership
• Ensure the Senior Engineer — Cyber/Manager is effectively leading technical execution while the department as a whole remains aligned to standards and priorities.
• Support hiring, onboarding, role design, and future team scaling within the cybersecurity function
• Develop structured growth plans for technical team members, including certification paths, cross-training, mentoring expectations, and progression planning
• Maintain team readiness for after-hours support, major incidents, client escalations, and continuity of service across the department

Cybersecurity Tooling, SIEM, SOC & Platform Governance

• Own the operational performance, administration standards, and service delivery model for the cybersecurity tool stack across the client base
• Oversee the strategic and operational use of SIEM, SOC, MDR, EDR, vulnerability scanning, email security, identity security, awareness training, threat intelligence, dark web monitoring, and related security platforms
• Define and maintain standards for alerting, escalation thresholds, tuning expectations, monitoring coverage, investigation procedures, response workflows, documentation requirements, and client reporting across all cybersecurity platforms
• Ensure cybersecurity tools are configured, maintained, and governed in a way that supports effective service delivery, scalability, and consistent client outcomes
• Review platform effectiveness regularly, including alert quality, response quality, licensing alignment, coverage gaps, integration issues, and opportunities for automation or optimization
• Approve and govern changes to cybersecurity platform standards, default configurations, operational workflows, and escalation models before rollout

SOC, SIEM & Third-Party Security Workflow Management

• Oversee SIEM and SOC operating workflows, whether services are delivered internally or through external partners, to ensure proper alert routing, investigation ownership, timely escalation, and documented follow-through
• Establish and maintain clear workflows between the Cyber team and all third-party security providers, including SOC partners, MDR providers, compliance vendors, penetration testing firms, and incident response partners
• Define ownership boundaries, escalation paths, communication standards, handoff procedures, and expected turnaround times for all third-party cyber relationships
• Hold third-party vendors accountable for service performance, reporting quality, escalation discipline, and contractual obligations
• Ensure third-party workflows are documented, current, and aligned with internal operational expectations and client needs
• Review partner performance regularly and recommend changes where service gaps, inefficiencies, or quality concerns exist

Service Quality, Escalation Management & Technical Oversight

• Maintain oversight of cybersecurity service quality across all managed clients, ensuring work is executed consistently and in accordance with department standards
• Serve as the management escalation point for major security incidents, high-risk client issues, unresolved vulnerabilities, recurring security failures, and critical cyber-related service breakdowns
• Review security assessments, remediation plans, incident response outcomes, hardening recommendations, and root cause findings for quality and completeness
• Ensure significant incidents are documented properly, escalated appropriately, and followed through to permanent remediation or risk acceptance
• Maintain visibility into recurring alert patterns, unresolved control gaps, vulnerability trends, and client environments that require leadership attention or additional action
• Support the Senior Engineer and broader technical team in resolving issues that require cross-functional coordination, priority alignment, or management intervention

Proactive Security Program Oversight

• Ensure quarterly security posture assessments are completed consistently for all applicable managed clients and are documented to standard
• Oversee the department's approach to endpoint protection, patch-related security compliance, vulnerability remediation cadence, email security hygiene, identity hardening, and privileged access review
• Ensure proactive security activities are scheduled, completed, tracked, and reported on according to departmental expectations
• Validate that findings from proactive reviews are translated into remediation actions, client recommendations, project scopes, or risk tracking as appropriate
• Drive continual improvement of proactive security programs so the department is not operating reactively or relying solely on alerts and incidents to identify risk

Client Risk Oversight & Strategic Security Leadership

• Maintain executive-level visibility into client security posture, open risk items, recurring vulnerabilities, incident trends, and accounts requiring elevated attention
• Ensure clients receive clear, risk-based guidance related to remediation priorities, security maturity improvements, compliance readiness, and strategic security investments
• Support Quarterly Business Reviews and strategic client meetings with security posture insights, incident summaries, roadmap recommendations, and leadership-level risk context, as requested
• Partner with Client Success and technical leadership to align cybersecurity recommendations with client business priorities, contracted services, and operational realities
• Identify opportunities for expanded security services, security maturity improvements, compliance-related services, and broader advisory engagement

Incident Response, Root Cause & Operational Discipline

• Ensure the department maintains current incident response standards, runbooks, escalation procedures, contact trees, and recovery guidance for managed clients
• Oversee the quality and timeliness of incident triage, response coordination, remediation follow-through, and post-incident review activities
• Require documented root cause analysis for qualifying security incidents and ensure corrective actions are assigned, tracked, and completed
• Drive discipline around recurring security issue identification, trend review, and permanent corrective action rather than repeated short-term resolution
• Ensure lessons learned from incidents are translated into improved standards, updated runbooks, client guidance, or internal process changes

Compliance Support, Governance & Internal Security

• Oversee the cybersecurity department's support of client compliance initiatives, including audit preparation, control validation, remediation tracking, evidence support, and assessor coordination
• Ensure the team is prepared to support client needs related to frameworks and standards such as CIS Controls, NIST 800-171, HIPAA Security Rule, SOC 2 Trust Criteria, and similar obligations
• Oversee penetration testing coordination, findings review, remediation follow-up, and readiness support for clients with formal security or regulatory requirements
• Own oversight of the MSP's internal security posture within the department's scope, including staff endpoint protection, MFA enforcement, privileged access hygiene, internal tool access review, and internal cyber improvement planning
• Maintain visibility into internal security gaps and ensure findings are escalated, tracked, and reviewed with leadership as appropriate

Documentation, Standards & Continuous Improvement

• Ensure cybersecurity SOPs, investigation playbooks, standards, hardening guides, and knowledge base content are documented, maintained, and reviewed on a defined cadence
• Own the quality standard for cybersecurity documentation in Hudu and related systems