1000000558.Security Operations Manager.Info Tech Services

TX, United States


Provides leadership and coordination of Dallas County’s Security Operations Center (SOC) ensuring comprehensive threat detection, response, and operational security across the enterprise. Oversees day-to-day security operational functions, managing security incidents, response efforts, and aligning security operations with County policies and regulatory requirements. Ensures that monitoring tools, detection strategies, and incident handling processes are optimized and continuously improved while working across departments, technologies, and teams to ensure Dallas County’s digital infrastructure is continuously protected and resilient.

Management Scope: Manages exempt staff.

Builds and leads day-to-day security operations, including the management and integration of Dallas County’s Security Operations Center (SOC), ensuring SLA delivery and effective execution of threat detection, monitoring, and incident response activities. Manages and prioritizes incoming security incidents and tickets, ensuring timely triage, assignment, resolution, and escalation as needed in alignment with County policies and risk thresholds. Develops and maintains operational documentation such as standard operating procedures, incident response playbooks, and detection workflows to support consistent and effective operations. Serves as the lead for coordinating response efforts during cybersecurity incidents, including incident tracking, status updates, and post-incident reviews. Ensures integration and optimization of security technologies (e.g., SIEM, EDR, firewalls, identity systems) to support real-time monitoring and threat visibility. Collaborates with internal teams, vendors, and operational stakeholders to enhance detection capabilities using contextual intelligence and known threat indicators. Provides status updates, metrics, and recommendations to the Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO) to support strategic decision-making and continuous improvement. Performs other duties as assigned.

Education, Experience and Training:
Education and experience equivalent to a Bachelor’s degree from an accredited college or university in Information Security, Computer Science, Information Technology, or a job-related field of study. Six (6) years of work-related experience in cybersecurity, including three (3) years supervisory experience.

Certifications (Preferred):
• CISSP, SANS GCIA, or other relevant professional certifications

Special Requirements/Knowledge, Skills & Abilities:
• Deep understanding of threat detection, incident response, and security monitoring practices, including application of indicators of compromise (IOCs) and threat intelligence.
• Ability to triage, prioritize, and manage incoming security alerts and incident tickets, with ability to improve workflows and tool integrations as necessary for operational performance.
• Proficiency in developing and implementing incident response plans, playbooks, and operational procedures aligned with best practices and compliance standards.
• Analytical and critical thinking skills for assessing evolving threats and identifying opportunities for improving detection and response capabilities.
• Skilled in coordinating internal and external teams to ensure timely and effective resolution of security events.
• Ability to maintain composure and lead effectively during crisis scenarios, including real-time decision-making, incident response, and post-incident analysis.
• Knowledge of regulatory frameworks and compliance requirements relevant to government environments (e.g., CJIS, HIPAA, NIST).
• Strong expertise in cybersecurity operations, incident coordination and response, and communication across technical and business units is essential.
• Extensive experience in cybersecurity operations, including threat detection, incident response, and operational coordination.
• Demonstrated ability to lead day-to-day security operations and manage security events through their full lifecycle.
• Demonstrated experience managing and integrating enterprise security tools and technologies such as security information and event management (SIEM), endpoint detection and response (EDR), firewall technologies, and identity access management (IAM).
• Strong understanding of network security, infrastructure protection, cloud environments, and zero trust principles.
• Experience developing and executing standard operating procedures, incident response plans, and playbooks.
• Familiarity with cloud environments, including managing security controls, configuration and log monitoring across platform-as-a-service (PaaS), software-as-a-service (SaaS), and cloud-based identity and access management solutions.

Must possess a valid Texas Driver’s License and good driving record. Will be required to provide a copy of 10-year driving history. Must maintain a good driving record and remain in compliance with Article II, Subdivision II of Chapter 90 of the Dallas County Code.

“Individuals holding or considered for a position which has, or may have, access to criminal justice databases including the FBI Criminal Justice Information Systems, NCIC/TCIC and similar databases, must pass a national fingerprint-based records check prior to placement in such position and may be denied placement in such positions and/or access to such systems. Individuals must also maintain the ability to pass the records check while in the position or until such time that the Commissioners Court and the County Civil Service Commission deem this position no longer has this requirement.”

Physical/Environmental Requirements:
Ability to work in a fast-paced, evolving technology environment. Ability to travel to various work site locations, vendor meetings, conferences, and industry events.


Tags: CISO CISSP Cloud Compliance Computer Science Driver’s license EDR Firewalls GCIA HIPAA IAM Incident response Monitoring Network security NIST PaaS Privacy SaaS SANS SIEM SOC Threat detection Threat intelligence Travel Zero Trust

Perks/benefits: Conferences

Region: North America
Country: United States
