JOB DETAILS

Information Security SOC Manager - Sugar Land or Lubbock

Company: PROSPERITY BANK
Location: Lubbock
Work Mode: On Site
Posted: April 19, 2026
About The Company
At Prosperity Bank, we believe in a community banking philosophy where personal relationships and great experiences go hand-in-hand. We provide convenient technology options that our customers expect – all backed by the highest level of security. At every touch point, you’ll find knowledgeable associates ready to serve our customers with accuracy and a smile time and time again. Prosperity provides personal banking services and investments to consumers and small to medium sized businesses throughout Texas and Oklahoma. Founded in 1983, Prosperity ranks among the top 100 U.S. banks in assets. Member FDIC. Equal Housing Lender.
About the Role

POSITION PURPOSE

The Information Security Operations Center Manager (SOC Manager) is tasked with developing, maintaining, and continuously enhancing the Bank’s threat detection and incident response capabilities. This critical role strengthens the Bank’s cybersecurity defenses by spearheading the creation of advanced threat detection systems and robust response strategies to address adversarial actions and non-compliant activities that threaten critical technology infrastructure and sensitive data. The SOC Manager ensures these capabilities align with regulatory requirements and the Bank’s enterprise risk management goals, safeguarding essential operations and assets. They lead and mentor a high-performing team of security analysts, fostering a culture of operational excellence and readiness. The role involves directing coordinated incident response efforts, working collaboratively with cross-functional teams to deliver a unified, risk-based approach to incident management. Additionally, the SOC Manager advises leadership on security initiatives, drives strategic projects, and serves as a trusted expert on emerging threats and cyber risks. They play a key role in enhancing enterprise-wide incident response preparedness, advancing risk mitigation strategies, and promoting cybersecurity awareness throughout the organization.

 ESSENTIAL FUNCTIONS AND BASIC DUTIES

  1. Lead the SOC team in effectively identifying, classifying, and escalating cybersecurity incidents. Oversee the full lifecycle management of low-impact incidents, ensuring timely containment and resolution. Serve as the Incident Response Team (IRT) Lead, providing operational direction, coordination, and oversight during incident response efforts, under the strategic guidance of the CISO.
  2. Provide leadership and direction to the SOC team to ensure adherence to established security policies, procedures, and operational standards. Monitor and enforce quality assurance practices to support the timely detection, analysis, and mitigation of security threats.
  3. Integrate leadership priorities into security operations by managing and developing SOC staff and resources to support cybersecurity objectives in alignment with organizational goals and regulatory requirements. 
  4. Maintain clear and effective communication with internal stakeholders across the organization, while actively engaging with industry partners and other external entities as needed to support collaboration, threat intelligence sharing, and coordinated incident response efforts.
  5. Establish key performance indicators to measure program and response readiness, and lead the development, implementation, and continuous improvement of incident response strategies, policies, and procedures to advance and sustain operational excellence.
  6. Identify skill requirements for SOC personnel based on evolving threat landscapes and organizational goals. Conduct regular skill gap assessments to evaluate current capabilities and future needs, design and implement targeted training and skill development programs to strengthen technical competencies, enhance incident response readiness, and support overall security objectives.
  7. Advise senior leadership on security initiatives, lead strategic projects, and serve as a key resource on emerging threats and cyber risk. Contribute to incident response readiness, enterprise risk mitigation, and cybersecurity awareness across the organization.
  8. Perform cyber defense and threat activity trend analysis and reporting to inform IT operations and senior management; prepare and deliver threat and target briefings; and maintain a continuously updated situational overview of incidents throughout their lifecycle to support timely, actionable risk-based decision-making.
  9. Plan and facilitate scenario-based tabletop exercises to evaluate the effectiveness of the Incident Response Plan and IR team performance. Coordinate cross-functional participation, assess response actions, identify gaps, and document lessons learned. Deliver post-exercise reports with actionable recommendations and present findings to leadership to drive continuous improvement.
  10. Drive the development of advanced threat detection capabilities using SIEM, UEBA, and related security tools to generate high-confidence, actionable alerts for potential malicious or non-compliant activity; develop and optimize detection logic, threat hunting queries, and compliance monitoring use cases to support continuous visibility and proactive risk identification across the environment.
  11. Lead the creation of actionable post-mortem reports following security incidents, detailing attacker tactics and techniques, root cause analysis, impact assessments, and other key findings, providing insights to support continuous improvement and reduce future risk.
  12. Design and implement enhancements to improve the identification of adversarial tactics, techniques, and procedures (TTPs); integrate external and internal observations to develop actionable threat models and identify potential exposures; provide strategic remediation recommendations to leadership; and collaborate with cross-functional teams to drive effective risk-based defense prioritization.
  13. Work outside of regular business hours when necessary.
  14. Other duties as assigned.

 The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills.  Other duties may be added, or this job description amended at any time.

 SUPERVISORY RESPONSIBILITIES

  • Lead and manage team through training, developing, and coaching associates on a consistent basis.
  • Encourage others to set challenging goals and high standards of performance.
  • Inspire associates to define new opportunities and continuously improve the organization.
  • Celebrate and reward significant achievements of associates.
  • Present logical and persuasive case for proposals and positions.
  • Assist team in addressing their individual strengths and development needs.

 QUALIFICATIONS

Education/Certification: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related discipline; or the equivalent of combined education and relevant work experience. Advanced degrees in cybersecurity can substitute for work experience on a year-for-year basis. Professional certifications through ISC(2), ISACA, GIAC, OffSec are preferred.

Required Knowledge:        

Management, operational planning processes, decision-making policies and procedures, skill development principles and practices.

Adversarial tactics, cyber-attack and exploitation tools and techniques (including network exploitation), data exfiltration methods, and insider attack patterns to effectively anticipate, detect, and counter malicious activities.

Analytical, data analysis, and information searching tools and techniques, along with working proficiency in security information and event management (SIEM) and event correlation methods to accurately detect, analyze, and respond to security incidents. 

Threat modeling tools and techniques, including MITRE ATT&CK and the Cyber Kill Chain, to identify gaps in safeguards.

Cybersecurity principles and practices—including data integrity, operations security (OPSEC), network security, access control, data encryption, adversarial tactics, threat remediation, and the principle of defense-in-depth.

Threat intelligence requirement analysis, collections planning, and maintenance principles and practices used to derive actionable security insights. 

Cybersecurity threats, vulnerabilities, and threat characteristics—including system and network attack vectors, malware, filename extension abuse, and web application security risks.

Strong understanding of: 

Research methods, including OSINT, penetration testing, and vulnerability assessment used to identify and analyze potential security exposures.

Cloud service models, web security principles and practices, and network communications and computer networking principles, including network addressing, configurations, digital communication systems, and associated protocols and endpoints, to ensure secure network environments.

Client/server architecture, operating systems and software, encryption algorithms (including their capabilities and applications), and authentication/authorization tools and techniques.

Familiarity with: 

 Malware analysis principles, to identify, investigate, and mitigate malicious software threats

Experience Required:        

Minimum of 3 years of experience in security operations, cyber defense, offensive security, or incident management roles, with a proven focus on designing and implementing detection and mitigation processes to counter cybersecurity threats effectively.

Experience with managing or supervising small, focused teams.

Proven working knowledge of enterprise-level security technologies—including SIEM, UAM (User Activity Monitoring) platforms, IPS/IDS, EDR/XDR, NGFW, and related tools—with the ability to evaluate, enhance, and expand their use to support effective incident detection, investigation, and response.

Practical experience with common cybersecurity frameworks such as NIST CSF, MITRE ATT&CK, Cyber Kill Chain, SANS Incident Response, NIST SP800-61, etc.

Demonstrated ability to successfully execute initiatives in complex and highly regulated environments.

Banking or financial services industry experience is a plus.

Skills/Abilities:                             

Navigating fast-paced, highly regulated environments by applying critical thinking, establishing priorities, and tailoring complex information for diverse audiences.

Effectively communicating, collaborating, and building strong relationships with internal and external stakeholders to achieve organizational objectives.

Anticipating threats, leading incident response processes, and recognizing behavioral patterns to detect and mitigate potential security risks.  

Competencies in mitigating cognitive biases, extrapolating from incomplete data sets, and performing comprehensive data analyses to derive actionable insights. 

Managing a workforce and coordinating cybersecurity operations across an organization, and assessing effects generated during and after cyber operations.

Forecasting requirements and assessing partner and internal operations capabilities.

Integrating organization objectives, and creating, implementing, and monitoring processes and procedures.

Determining information requirements, developing intelligence collection strategies, evaluating the feasibility and utility of intelligence collection sources, and developing, creating, and maintaining intelligence collection plans.

Conducting requirements, capability, data structure, and trend analysis; developing analytics; and performing risk, security, cyber readiness, and impact assessments. Experienced in evaluating data source quality and preparing briefings and readiness reports.

Collecting and performing network traffic and packet-level analysis to identify network threats, protect against malware, and conduct intrusion data analysis.  

Gathering and querying data from diverse sources—including open-source and metadata extraction—correlating information across multiple tools and conducting thorough research. 

Developing and analyzing large data sets to develop unique threat detections and security insights. 

Recognizing and categorizing vulnerabilities, identifying malware threats, and effectively containing malware to protect systems and data.  

Detecting host- and network-based intrusions, identifying insider threats, recognizing recurring threat incidents, uncovering filename extension abuse, spotting anomalous activity, and interpreting digital forensics data to maintain a robust security posture.


PHYSICAL ACTIVITIES AND REQUIREMENTS OF THIS POSITION

TALKING: Especially where one must frequently convey detailed or important instructions or ideas accurately, loudly, or quickly.

AVERAGE HEARING: Able to hear average or normal conversations and receive ordinary information.

REPETITIVE MOTION: Movements frequently and regularly required using the wrists, hands, and/or fingers.

AVERAGE VISUAL ABILITIES: Average, ordinary, visual acuity necessary to prepare or inspect documents or products, or operate machinery.

PHYSICAL STRENGTH: Sedentary work; sitting most of the time. Exerts up to 10 lbs. of force occasionally. (Almost all office jobs.)

WORKING CONDITIONS

NONE: No hazardous or significantly unpleasant conditions (such as in a typical office).

MENTAL ACTIVITIES AND REQUIREMENTS OF THIS POSITION

REASONING ABILITY: Ability to apply logical or scientific thinking to define problems, collect data, establish facts, and draw conclusions.

Able to interpret a variety of technical instructions and deal with multiple variables.

MATHEMATICS ABILITY: Understanding of concepts such as probability, statistics, and basic algebra.

LANGUAGE ABILITY: Ability to read periodicals, journals, manuals, dictionaries, thesauruses, and encyclopedias.

Ability to prepare business letters, proposals, summaries, and reports using prescribed format and conforming to all rules of punctuation, grammar, diction, and style.

Ability to conduct training, communicates


Hours: Monday - Friday 8:00AM - 5:00PM.
40 hours per week
Key Skills
Cybersecurity, Incident Response, Threat Detection, SIEM, Risk Management, Team Leadership, Vulnerability Assessment, Network Security, Threat Intelligence, MITRE ATT&CK, Cyber Kill Chain, EDR, XDR, Compliance Monitoring, Malware Analysis, Security Operations
Categories
Security & Safety, Technology, Management & Leadership, Finance & Accounting
Job Information
Core Responsibilities: The SOC Manager is responsible for leading the security operations team, developing threat detection strategies, and managing incident response efforts. They also advise senior leadership on security initiatives and ensure organizational compliance with cybersecurity standards.
Job Type: full time
Experience Level: 2-5
Company Size: 2565
Visa Sponsorship: No
Language: English
Working Hours: 40 hours