Manager of Cybersecurity Operations

Company Overview:

Hillwood, a Perot Company, is a premier real estate investment and development company founded on a culture of integrity, respect, excellence and teamwork. The company is a full-service real estate developer, investor and advisor focused on developing opportunities for investors, partners and communities around the world. See additional details at www.hillwood.com.

Position Summary:

Hillwood IT is seeking a Manager of Cybersecurity Operations to join our team in Dallas, TX to lead, mature, and scale the enterprise cybersecurity operations function. This role will serve as the single accountable leader for cybersecurity operations execution across all Hillwood business divisions, with direct responsibility for monitoring, detection, incident response, vulnerability management, and identity governance.

This is a true builder role with a clear growth trajectory. Initially focused on operational excellence, this individual will define and execute the cybersecurity operations roadmap, establish foundational processes and controls, and build a high-performing team. As the program matures, the role will expand to oversee the broader cybersecurity function, including strategy, governance, and enterprise-wide initiatives.

The ideal candidate brings both hands-on technical depth and strong leadership capability—someone who can set direction at a strategic level while remaining actively engaged in investigations, decision-making, and security design. The Manager of Cybersecurity Operations will partner closely with IT leadership, business stakeholders, and external partners, and serves as a key escalation point for security events to the SVP of IT and executive leadership.

Responsibilities:

Cyber Operations Leadership and Team Management:

• Serve as the operational leader of the cyber function, managing daily priorities, workload distribution, and team performance across monitoring, incident response, identity governance, and risk reduction workstreams.
• Mentor and develop junior analysts; set clear expectations, conduct regular 1:1s, provide technical coaching, and support career development plans.
• Establish and maintain cyber operations playbooks, runbooks, SLAs, and escalation procedures; drive continuous improvement through lessons learned and metrics review.
• Manage the on-call rotation and ensure 24/7 coverage models are sustainable and effective.
• Serve as the primary point of contact for executive communication during security events; deliver clear, concise incident briefings to SVP IT and senior leadership.

Security Monitoring, Detection & Incident Response:

• Lead incident response activities for confirmed security events, coordinating investigation, containment, eradication, recovery, and post-incident review.
• Perform advanced threat analysis, log correlation, forensic triage, and root cause investigation across SIEM, EDR/XDR, email, identity, and cloud platforms.
• Own detection engineering: develop, tune, and maintain detection rules, correlation logic, and alerting thresholds to reduce noise and improve mean-time-to-detect (MTTD).
• Coordinate with external incident response partners, legal, and business leadership as needed during significant events.
• Maintain incident response plans and ensure alignment with NIST CSF and Hillwood’s risk framework.

Identity Governance & Administration (IGA):

• Own the IGA program operationally: manage the platform, define and maintain role-based access control (RBAC) models, entitlement catalogs, and access policies across Hillwood’s application and infrastructure landscape.
• Lead the design and execution of periodic access certification and recertification campaigns, ensuring compliance with audit requirements (ITGC, SOC 2, etc.).
• Manage joiner/mover/leaver (JML) automation workflows; identify gaps and drive continuous improvement in provisioning/de-provisioning accuracy and speed.
• Monitor and resolve IGA platform exceptions, including orphaned accounts, segregation of duties (SoD) violations, excessive privilege accumulations, and failed provisioning events.
• Serve as the functional owner for IGA vendor relationships and platform roadmap; coordinate with IT infrastructure on directory services, SSO, MFA, and Conditional Access integration.
• Ensure IGA controls satisfy NIST CSF requirements and support Hillwood’s Zero Trust architecture objectives.
• Produce IGA metrics and reporting for governance committees and audit evidence packages.

Vulnerability Management & Risk Reduction:

• Oversee the vulnerability management lifecycle: scanning, prioritization, remediation tracking, exception management, and reporting.
• Drive risk reduction initiatives across the environment, including security configuration hardening, attack surface reduction, and third-party risk assessment support.
• Lead phishing simulation programs and security awareness efforts in coordination with HR and communications.
• Support due diligence questionnaires and audit evidence requests, ensuring timely, accurate, and well-documented responses.

Security Architecture & Engineering Guidance:

• Provide security architecture input on infrastructure, application, and cloud projects; ensure security is considered in design decisions.
• Evaluate and recommend security tools, platforms, and process improvements; manage proof-of-concept efforts and vendor assessments.
• Collaborate with the EDL/data team and IT infrastructure on log onboarding, data source integration, and security telemetry strategy.
• Support Conditional Access policy management, Intune/MDM security posture, and DLP/information protection initiatives.

Governance, Compliance & Stakeholder Engagement:

• Represent the cyber function in governance forums, including the AI Steering Committee, vendor intake reviews, and data governance discussions.
• Maintain and report on NIST CSF maturity scores; own the cyber remediation roadmap and 90-day sprint planning.
• Build strong working relationships with division leaders, IT infrastructure, legal, HR, and external partners to align security operations with business priorities.
• Produce regular operational reporting (KPIs, incident trends, IGA metrics, vulnerability posture) for SVP IT and executive stakeholders.

Required Skills and Abilities:

• Strong technical depth in the following areas:
  • SIEM administration and detection engineering
  • EDR/XDR investigation and response
  • Identity and access management / IGA platforms (e.g., Microsoft Entra ID Governance)
  • Vulnerability management (e.g. Rapid7)
  • Cloud security (Azure, M365, Conditional Access, Intune)
• Working knowledge of security frameworks such as NIST CSF, NIST 800-53, and MITRE ATT&CK.
• Strong analytical and problem-solving skills with the ability to make sound decisions in high-pressure situations.
• Excellent written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences.
• Demonstrated ability to handle sensitive and confidential information with discretion and integrity.

Education and Experience:

• Bachelor’s degree in IT, Computer Science or related field.
• 5–10+ years of progressive experience in cybersecurity operations, incident response, or security engineering.
• 2+ years of experience leading, mentoring, or managing a team (formal or informal).
• Experience producing executive-level security communications and incident briefings.
• Experience designing and executing access controls, RBAC models, and identity lifecycle processes.
• Preferred experience working with AI security monitoring (e.g. AI Agent monitors, etc.)

Benefits Highlights:

• Medical, dental, and vision insurance options
• Flexible Spending Accounts (FSA) or Health Savings Accounts (HSA) dependent on plan elections
• Paid time off, holidays, and floating holidays
• Paid parental and family caregiver leave
• Mental health and wellness resources
• Life insurance and disability coverage
• 401(k) retirement plan with company match
• Additional programs to support Associates and their families

EEO Statement:

Hillwood is committed to providing Equal Opportunity in Employment, to all applicants and employees regardless of race, color, religion, gender, age, national origin, military status, veteran status, handicap, physical or mental disability, sexual orientation, gender identity, genetic information or any other characteristic protected by law.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.