Manager, Security Operations (SecOps)

Overview of the Role

As 66degrees continues its rapid growth as a premier Google Cloud professional services partner, the security of our internal systems, employee identities, and client data is our top priority. We are seeking a hands-on, highly technical Manager of Security Operations (SecOps) to be the foundational leader of our new dedicated internal InfoSec operational function.

Reporting directly to our U.S. Director who leads our broader IT, IAM, and current Security infrastructure you will take ownership of our day-to-day security operations across a global workforce of 550+ employees. You will build and manage security monitoring processes, lead incident response for security alerts, enforce compliance frameworks, and serve as an escalation point and mentor for our global teams. The ideal candidate is someone who is both admin and security trained at scale.  We are looking for a person who can write a script to automate an alert in the morning and present a risk dashboard to leadership in the afternoon on new threat vectors.

Key Responsibilities

Security Monitoring & Incident Response

• Build, own and manage the daily operations of our security toolset (SIEM (Google SecOps or Splunk), EDR/XDR (SentinelOne), Email Security, Cloud Security, and Endpoint Security (Rippling MDM) Posture Management.
• Serve as the primary incident lead for system security events; investigate, contain, and remediate alerts, and lead post-incident post-mortems as they are requested.
• Develop, document, and maintain security playbooks and standard operating procedures (SOPs) for securing and hardening of our various solutions within the 66degrees tech stack.

Vulnerability & Posture Management

• Conduct continuous vulnerability scanning and coordinate patching/remediation cycles across endpoints, networks, and cloud environments (GCP, Azure, AWS).
• Partner closely with the U.S. Director to operationalize, enforce, and refine Zero Trust, Device Trust, Browser Trust, and Identity and Access Management (IAM) policies.
• Monitor, harden, and secure our core business applications such as but not limited to Google Workspace, Google Cloud Platform (GCP), Slack, Salesforce, and Rippling environments against misconfigurations, and unauthorized access.

Leadership & Global Enablement

• Act as the security subject matter expert and internal escalation point for the IT Service Desk team located in India, along with the broader global company teams.
• Train and upskill global teams on how  to perform "Tier 1" security triage (e.g., investigating phishing reports, basic malware alerts, account lockouts, and how to avoid IT worker scandals), creating a scalable company security framework.
• Foster a culture of security awareness across the company by leading regular employee training and simulated phishing campaigns (KnowBe4). Along with always advising on the principle of least privilege way of thinking.

Compliance & Risk

• Lead the technical GRC Buildout (Drata), Trust Center Buildout (SafeBase), evidence gathering, and control enforcement for external audits and compliance frameworks (e.g., SOC 2, ISO 27001).
• Assist the go-to-market and legal teams by filling out client security questionnaires and vendor risk assessments, directly accelerating our sales cycles.
• Track and report on key SecOps metrics (Time to Detect/Respond, patch compliance, etc.) to IT leadership

Required Qualifications

• Experience: 8-12+ years of progressive experience in Information Security, IT Security, or Security Operations, with at least 2-3 years in a team lead or management capacity.
• Cloud/SaaS Expertise: Deep technical understanding of Google Workspace administration and security, as well as cloud infrastructure security (specifically Google Cloud Platform / GCP).
• SecOps Engineering: Hands-on experience building, configuring, monitoring, and responding to alerts in EDR platforms (e.g., CrowdStrike, SentinelOne), SIEM platforms (e.g., Splunk, Google SecOps), and IAM platforms (e.g., Rippling, Okta, GCP, Entra, Azure, AWS, GWS).
• Compliance: Experience operating within compliant environments and supporting audits for SOC 2 Type II or ISO 27001 frameworks. Along with experience setting up and managing a GRC platform (e.g., Drata, Ostendio).
• Scripting: Proficiency in scripting (Python, PowerShell, Bash, or Google Apps Script) to automate repetitive security tasks and API integrations.
• Communication: Excellent English communication skills, with a proven ability to bridge time zones and cultural nuances while managing remote/offshore resources.

Preferred Qualifications

• Industry-recognized security certifications such as CompTIA Security+, CISSP, CISM, CCSP, or GCIA.
• Google Cloud Professional Cloud Security Engineer certification is highly desired.
• Google Cybersecurity Certificate is highly desired.
• Previous experience working in a professional services, consulting, or managed services firm.
• Previous experience building an at scale internal security team.