Security Operations Center (SOC) and Compliance Manager

Job Summary:

We are seeking a highly skilled and experienced SOC & Compliance Manager to lead our Security Operations Center (SOC) and ensure compliance with relevant regulations, industry standards, and security frameworks. This role requires a blend of technical expertise, leadership abilities, and an understanding of compliance requirements to manage and improve our cybersecurity posture. The SOC & Compliance Manager will oversee incident response, threat monitoring, security operations, and ensure adherence to regulatory and industry compliance standards.

Key Responsibilities:

SOC Management:

• Lead and manage a team of SOC analysts and engineers to ensure 24/7 monitoring, detection, and response to security incidents.
• Oversee the design, implementation, and continuous improvement of security monitoring tools and technologies (e.g., SIEM, IDS/IPS, firewalls, endpoint protection).
• Ensure timely and accurate triage, investigation, and response to security incidents.
• Develop, implement, and maintain incident response playbooks, procedures, and escalation processes.
• Provide leadership during major security incidents, including coordination with internal and external stakeholders.
• Regularly report on security incidents, trends, and overall SOC performance to senior management.

Compliance Management:

• Ensure compliance with regulatory requirements and industry standards such as ISO 27001, GDPR, HIPAA, PCI-DSS, SOC 2, and others as applicable.
• Develop, implement, and maintain security policies, procedures, and controls to meet compliance requirements.
• Conduct internal security audits and risk assessments, ensuring alignment with security frameworks and regulatory requirements.
• Coordinate with legal, HR, and other departments to address compliance and regulatory issues.
• Manage third-party security assessments, audits, and certifications.
• Stay up-to-date with evolving regulations, compliance requirements, and security best practices.

Collaboration & Communication:

• Act as a liaison between the SOC team and business units to align security operations with organizational goals.
• Work closely with IT, DevOps, and other departments to ensure security is integrated into the organization’s technology and business processes.
• Provide training and awareness programs to staff on security policies and compliance.

Requirements

Required Skills and Qualifications:

• Bachelor’s Degree in Information Security, Computer Science, or related field (or equivalent work experience).
• Experience: 7-10 years in cybersecurity, with at least 3-5 years in a SOC leadership role and experience managing compliance programs.
• Certifications (Preferred):
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• GIAC Certified Incident Handler (GCIH)

Technical Expertise:

• Deep understanding of SOC operations, including incident detection, response, and remediation.
• Experience working with security tools such as SIEM, IDS/IPS, firewalls, vulnerability management systems, and endpoint protection platforms.
• Knowledge of common cybersecurity frameworks such as NIST, ISO 27001, COBIT, and familiarity with laws like GDPR, CCPA, HIPAA.
• Familiarity with cloud security (AWS, Azure, GCP) and securing hybrid environments.
• Experience with automation and orchestration tools (e.g., SOAR platforms) is a plus.

Compliance & Governance:

• Proven experience in ensuring compliance with security standards and regulations (e.g., ISO 27001, PCI-DSS, SOC 2, GDPR, HIPAA).
• Ability to develop, implement, and manage security policies and procedures aligned with regulatory frameworks.
• Experience with internal and external audits, risk assessments, and regulatory reporting.

Leadership & Soft Skills:

• Strong leadership and management skills, with the ability to mentor and lead a high-performing SOC team.
• Excellent written and verbal communication skills for interacting with senior leadership and regulatory authorities.
• Strong organizational and project management skills to handle multiple compliance initiatives simultaneously.
• Ability to work under pressure and manage security incidents in a fast-paced environment.
• Analytical and problem-solving skills to assess security risks and recommend solutions.