
KPMG Philippines

Security Operations Lead - Senior Manager

10-14 Years
  • Posted 6 days ago

Job Description

About KPMG Cyber

KPMG Cyber is the global cybersecurity delivery capability within KPMG Advisory. It is responsible for delivering cyber outcomes across governance, strategy, engineering, and operations through a single, integrated global delivery model.

KPMG Cyber operates across multiple global delivery centers using common standards, service models, tooling, and career architectures. This ensures that cyber capabilities delivered in one location are consistent, scalable, and interoperable with those delivered elsewhere.

Organization and Operating Model

Structural Design

KPMG Cyber operates through a deliberate separation between Delivery and Sales & Enablement.

  • Sales and Enablement: Responsible for market engagement, solution shaping, and opportunity development.
  • Delivery Leadership: Focuses on execution excellence, scalability, talent development, and consistent client outcomes.

The Four Delivery Pillars

Delivery is organised into four core, peer organisational pillars:

  1. Technology GRC: Governs technology and cyber risk, accountability, and assurance.
  2. Security Strategy & Architecture: Designs cyber strategy, target states, and architectures.
  3. Security Engineering: Builds and implements cyber capabilities.
  4. Security Operations: Runs and operates those capabilities over time.

The Security Operations Lead is the domain leader accountable for the Security Operations pillar within the Manila Cyber Delivery Centre. The role exists to run high-quality, resilient security operations services, including SOC and MDR, aligned to global KPMG Cyber run standards.

This role combines operational leadership, service management rigour, and people leadership within a 24x7 environment. You will ensure services meet defined outcomes, operate to clear SLAs, and continuously improve detection and response effectiveness.

Role Scope and Accountability

Reporting Lines

  • Primary: Reports to the Manila Cyber Delivery Centre Lead.
  • Functional: Functional reporting line to the Global Security Operations Lead.
  • Collaboration: Partners with Sales and Enablement to ensure operational commitments are deliverable and sustainable.

Domain Scope

  • Monitoring & Response: Triage, analysis, investigation, breach response, and forensics.
  • Observability Operations: SIEM/SOAR management, use case development, and log onboarding.
  • Platform Operations: Security platform management and continuous improvement.
  • Threat & Vulnerability Management: Threat hunting, intelligence, and attack surface monitoring.
  • Incident Resolution: Crisis response, compromise assessment, and CSIRT.

Key Responsibilities

  • Lead SOC & MDR Delivery: Ensure service outcomes, SLAs, and operational governance are met for Manila-based delivery.
  • Senior Escalation Point: Act as the final escalation point for incidents, operational risks, and service degradation; drive disciplined resolution.
  • Drive Operational Maturity: Focus on detection tuning, false-positive reduction, and automation.
  • 24x7 Leadership: Build and lead management layers, including shift leadership, quality oversight, and succession planning.
  • Cross-Pillar Partnership: Work with Engineering and Architecture to ensure platform changes and onboarding remain controlled.

Skills and Experience

Security Operations Leadership: Experience leading SOC or MDR operations with accountability for outcomes, not just activity. Expected level: Expert (runs services at scale; sets operational standards; leads under pressure).

Service Management and SLA Discipline: Ability to operate to defined outcomes, SLAs, and governance cadence, with transparent reporting and issue management. Expected level: Advanced (builds predictable operations; prevents drift and unmanaged commitments).

Incident Management and Escalation: Strong capability in incident coordination, escalation management, and crisis decision-making. Expected level: Expert (calm under pressure; makes clear calls; drives resolution).

Detection Engineering and Continuous Improvement: Understanding of how to improve signal quality through tuning, coverage, false-positive reduction, and evidence-based improvement. Expected level: Advanced (drives measurable improvement; partners with engineering and architecture).

SIEM, SOAR, and Operational Tooling: Working mastery of operational platforms and the governance required to operate them safely and effectively. Expected level: Advanced (assures platform operations; drives automation and reliability).

Threat Intelligence and Hunting: Ability to incorporate threat context and proactive hunting into operational improvement. Expected level: Advanced (improves relevance of detections and prioritization).

Operational Governance and Risk: Ability to define and enforce operational boundaries, shared responsibility, and control evidence. Expected level: Advanced (prevents scope creep; protects trust and contractual clarity).

People Leadership in 24x7 Environments: Experience building shift-based organizations with strong coaching, performance management, and retention. Expected level: Advanced (builds resilience and leadership depth).

Stakeholder Leadership: Ability to coordinate across member firms, clients, and global leaders with transparency and clarity. Expected level: Advanced (trusted communicator; escalates early; protects credibility).

Minimum Qualifications

  • Education: Bachelor's degree in Information Security, IT, or related discipline.
  • Experience: Typically 10 to 14 years of relevant experience in security operations or SOC leadership.
  • Certifications (preferred): CISSP, GCIA, GCIH, or equivalent.

Job ID: 147601639