Security Operations Manager
Company: Beyond Finance
Location: Chicago
Posted on: April 2, 2026
Job Description:
At Beyond Finance, we've made it our mission to help everyday
Americans escape the endless cycle of crippling debt and step into
a brighter financial future. Through compassionate, individualized
care, a culture focused on compliance and ethics, supportive
user-centric technology, and customized financial solutions, we've
helped over 1 million clients on their path to a brighter future.
While we're proud of what we've already accomplished, we're
searching for new collaborators to help us get to the next level!
If you're looking to join a forward-thinking, rapidly growing
organization with helping people as its number one goal, we want to
hear from you.

The Role

As the Security Operations Manager, you
will lead our security operations function — a SOC-like team
responsible for monitoring the environment, triaging security
signals across cloud and endpoints, running the company's Insider
Risk program, and owning initial vulnerability triage. You have a
demonstrated track record of relentlessly pursuing high security
standards and holding your team accountable to them. You will
manage analysts who serve as the first line of detection for the
security organization, ensuring threats are identified, sized, and
routed with the right context and urgency. Your primary objective
is to build a disciplined, high-signal operations function that
drives down dwell time and keeps the broader security team focused
on the most impactful work.

Key Responsibilities

- Security Operations Ownership: Own the day-to-day function of the
  team — alert triage, signal prioritization, on-call coverage, and
  escalation workflows. Ensure the team operates consistently and
  with a clear sense of urgency.
- Cloud & Endpoint Signal Triage: Oversee triage of security signals
  sourced from cloud infrastructure, endpoint detection, and network
  controls. Separate noise from meaningful findings and ensure
  high-fidelity signals reach the right team with full context.
- Incident Response Ownership: Own the incident response function
  end-to-end — from initial escalation through containment,
  cross-functional coordination, and post-incident review. Ensure
  findings drive detection improvements and close the loop with
  Security Engineering where remediation is required.
- Insider Risk Program: Lead the Insider Risk process end-to-end —
  from identifying coverage gaps across cloud and endpoint
  environments, to behavioral monitoring and DLP signal review,
  through investigation, escalation, and case closure.
- Vulnerability Triage: Own initial triage and prioritization of
  vulnerability findings. Size risk, assign severity, and route to
  Security Engineering with the context needed to make
  prioritization decisions.
- SIEM & Detection Management: Own SIEM operations hands-on —
  including log source onboarding, pipeline configuration, parsing,
  detection coverage, rule tuning, and alert fidelity. Ensure the
  team is operationalizing threat intelligence and not just reacting
  to whatever fires first.
- Team Leadership: Lead and develop a team of security analysts,
  managing performance and growth while building a culture of rigor
  and ownership.
- Cross-Functional Partnership: Act as a key interface between the
  security function and the broader business. Work directly with HR
  and Legal on Insider Risk cases that require cross-functional
  handling, and engage with business leadership to communicate risk,
  provide operational context, and ensure security decisions are
  grounded in business impact.
- SOC Metrics & Reporting: Define and track operational KPIs — mean
  time to detect, mean time to respond, case closure rates — and use
  them to drive continuous improvement.

Skill Requirements

- 5 years of hands-on experience in security operations, incident
  response, or a SOC environment
- Direct people management experience with analysts or security
  operations staff
- Technical depth in SIEM platforms — log ingestion, pipeline and
  parsing configuration, detection engineering, and alert tuning
- Demonstrated experience running or contributing to an Insider Risk
  or DLP investigation program, with the technical understanding to
  identify coverage gaps across cloud and endpoint environments
- Working knowledge of vulnerability triage and risk prioritization —
  CVSS, asset context, business impact
- Ability to triage and contextualize signals from cloud
  infrastructure and endpoint tooling
- Clear communicator who can size and convey risk across technical
  and non-technical audiences

Desirable Skills

- Experience with cloud-native security tooling and CSPM/CWPP signal
  interpretation
- Familiarity with phishing triage and email security investigation
  workflows
- Exposure to threat intelligence operationalization — consuming
  feeds and translating them into detection coverage
- Experience operating within a multi-team security model with
  defined handoff processes between operations, engineering, and GRC
  functions

The Ideal Candidate

You run a tight operation and you're still technical enough to get
your hands dirty. You've built or managed SOC workflows before and
know the difference between a high-fidelity detection program and an
alert noise machine. You take Insider Risk seriously — you understand
the sensitivity, the cross-functional complexity, and the
investigative discipline it requires, and you can look across a cloud
and endpoint environment and identify where the coverage gaps
actually are. You can stand up a log pipeline, tune a parser, and
write a detection — and you can also walk a business leader through
what a finding means and why it matters. You communicate clearly,
move with urgency, and keep your team sharp on what actually matters.

The base annual salary range is listed below. This role is eligible
for additional incentives, including an annual bonus.

Base Salary Range: $145,000 - $170,000 USD

Why Join Us?

While you make a difference for others, we’ll work to make a
difference for you, providing an uplifting, collaborative work
environment and benefits that reflect your value to us. For eligible
full-time employees, we offer:

- Considerable employer contributions for health, dental, and vision
  programs
- Generous PTO, paid holidays, and paid parental leave
- 401(k) matching program
- Merit advancement opportunities
- Career development & training

And finally, our team spirit and culture! We cultivate an environment
of community, connection, and belonging across our entire
organization.

Beyond Finance does not
accept unsolicited resumes from individual recruiters or
third-party recruiting agencies in response to job positions. No
fee will be paid to third parties who submit unsolicited candidates
directly to Beyond Finance employees or the Beyond Finance HR team.
No placement fee will be paid to any third party unless such a
request has been made by the Beyond HR team.