Senior Manager -Security Operations Center (SOC)

Grant Thornton INDUS -
Bengaluru, Karnataka

Apply Now

Job details

Qualifications

Firewall
NIST standards
ISO 27001
Cybersecurity
Log analysis
Network security

Full job description

ID: 802531

10 - 18 Years

1 Opening

Bengaluru

Role description

Role Overview
Senior cybersecurity leader with 12–15+ years of experience leading global 24x7 Security Operations Centers (SOC), driving enterprise incident response, and strengthening organizational security posture across hybrid environments. Proven ability to lead internal teams and MSSP partners, manage large-scale incident response efforts, and implement advanced detection and response strategies using modern security platforms such as CrowdStrike Falcon, Proofpoint, and Palo Alto.
Bridge the gap between technical security operations and executive leadership by translating complex cyber risks into clear business impact, enabling informed decision-making. Experienced in managing high-severity incidents, building mature SOC programs, leading cross-functional response efforts, and continuously improving operational readiness against evolving cyber threats.

Leadership & Strategic Responsibilities

Lead and oversee global 24x7 Security Operations across multiple regions, ensuring continuous monitoring, detection, and response to cybersecurity threats.
Provide strategic direction for SOC maturity, incident response, threat detection, and operational resilience.
Act as the primary escalation point for critical security incidents and executive-level cyber risk discussions.
Build, mentor, and lead high-performing SOC teams, including SOC managers, senior analysts, and incident responders.
Manage and govern MSSP partnerships, ensuring service quality, SLA adherence, and operational effectiveness.
Develop and execute long-term SOC roadmap aligned with organizational security strategy and business objectives.
Lead major incident bridges, coordinate executive communications, and provide real-time updates to senior leadership.
Drive security initiatives related to mergers, acquisitions, and global expansion, ensuring consistent security integration and monitoring.
Establish KPIs, operational metrics, and performance dashboards to measure SOC effectiveness and drive continuous improvement.
Provide executive briefings on threat landscape, operational risks, incident trends, and mitigation strategies.
Coordinate resolution of platform-related issues and ensure timely escalation and remediation.
Evaluate and implement new security technologies to improve detection, response, and operational efficiency.

Incident Response Leadership & Cyber Defense

Lead enterprise-wide incident response efforts, including ransomware, phishing campaigns, insider threats, and advanced persistent threats (APT).
Oversee implementation and continuous improvement of the Cybersecurity Incident Response Plan (CIRP) and incident response playbooks.
Direct containment, eradication, recovery, and Root Cause Analysis (RCA) for high-severity and business-critical incidents.
Coordinate response activities across IT, Legal, HR, Compliance, Risk, and executive leadership teams.
Ensure rapid and effective resolution of incidents while minimizing business disruption.
Translate technical incident findings into executive-level summaries with clear business impact and recommended actions.

Security Operations & Technology Oversight
Provide operational and strategic oversight of key security technologies:

CrowdStrike Falcon MDR / Next-Gen SIEM / EDR
Proofpoint Email Security (TAP, phishing defense, brand protection)
Palo Alto Firewalls (network threat prevention, traffic monitoring)
Identity and access telemetry, cloud security logs, and endpoint telemetry
Threat intelligence platforms and threat hunting tools

Key responsibilities include:

Oversee monitoring, investigation, and response across endpoint, network, email, identity, and cloud environments.
Validate threat detections, investigate suspicious activity, and ensure timely escalation and remediation.
Lead threat hunting programs using intelligence-driven methodologies and MITRE ATT&CK framework.
Approve blocking of malicious IPs, domains, and threat indicators.
Ensure logging, monitoring, and detection capabilities meet enterprise and regulatory requirements.

SOC Program Development & Operational Excellence

Develop, maintain, and continuously improve SOC operational runbooks and procedures.
Establish and maintain incident classification frameworks, severity matrices, and escalation workflows.
Ensure compliance with regulatory and security frameworks including ISO 27001, NIST, SOC 2, and internal policies.
Lead SOC transformation initiatives including automation, detection engineering, and operational optimization.
Improve SOC efficiency through automation, workflow optimization, and advanced analytics.

Executive Communication & Risk Translation

Provide executive-ready reports on security posture, threat landscape, and incident trends.
Translate technical cybersecurity risks into business-relevant language for leadership and stakeholders.
Deliver strategic recommendations to reduce enterprise risk and strengthen security posture.
Present security metrics, operational improvements, and threat intelligence insights to executive leadership.

Technical Leadership & Investigation Expertise

Extensive experience investigating complex security incidents across endpoints, networks, cloud, and email environments.
Strong expertise in log analysis, threat detection, forensic investigation, and attack chain analysis.
Deep understanding of attacker techniques, tactics, and procedures (TTPs).
Experience leading threat hunting initiatives to proactively identify hidden threats.
Knowledge of security architecture, network security, identity security, and endpoint protection.

Skills

Experience Requirements
Senior SOC Manager:

12+ years of cybersecurity experience
6+ years in SOC leadership or incident response leadership roles

Associate SOC Director:

15+ years of cybersecurity experience
8+ years in SOC leadership, incident response, or cyber defense leadership roles
Experience managing global SOC operations and MSSP partnerships

Core Competencies
Leadership & Management
Incident Response & Investigation
SOC Operations Management
Threat Detection & Threat Hunting
Executive Communication
Cyber Risk Translation
Security Strategy & Governance
MSSP & Vendor Management
Security Tool Integration & Optimization
Global Security Operations

About Grant Thornton INDUS

‘Grant Thornton INDUS’ comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd. Grant Thornton INDUS is the shared services center supporting the operations of Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd. Established in 2012, Grant Thornton INDUS employs professionals across a wide range of disciplines including Tax, Audit, Advisory, and other operational functions. What sets us apart isn’t just what we do – it’s how we do it. We support and enable the firm’s purpose of making business more personal and building trust into every result. We’re collaborators – obsessed with quality and ready for anything – who understand the value of strong relationships. Our professionals are well integrated to seamlessly support the U.S. engagement teams, help increase Grant Thornton’s access to a wide talent pool, and improve operational efficiencies. Empowered people, bold leadership, and distinctive client service are imbibed in the culture at Grant Thornton INDUS. We are a transparent, competitive, and excellence-driven firm that offers an opportunity to be part of something significant. In addition, professionals at Grant Thornton INDUS serve communities in India through inspirational and generous services to give back to the communities they work in. Grant Thornton INDUS has its offices in two locations in India – Bengaluru and Kolkata

Apply Now

Role description

Skills

About Grant Thornton INDUS

Jobseeker tools

Employer Tools

Browse

Stay Connected