About the Role
At 2U, we are dedicated to eliminating the back row in education and delivering world‑class digital education at scale. We are seeking a Senior Manager of Cybersecurity Operations to lead and mature our global cyber defense and security operations capabilities. The role is accountable for threat detection, incident response, vulnerability management, and operational security monitoring across a global enterprise. It requires strong leadership, judgment under pressure, and the ability to translate technical security events into clear risk‑based communication for senior stakeholders.
Responsibilities
- Own and oversee day‑to‑day cybersecurity operations, ensuring threat detection, investigation, response, and remediation across cloud, application, and infrastructure environments.
- Ensure security monitoring, alerting, and response processes are consistently executed, well‑documented, and aligned to defined SLAs and severity models.
- Provide operational oversight of security tooling (SIEM, EDR, SOAR), ensuring tools are properly configured, maintained, and delivering actionable outcomes.
- Drive continuous improvement of operational runbooks, response workflows, and automation to reduce manual effort and improve response quality.
- Own the cybersecurity incident management program, ensuring incidents are triaged, escalated, coordinated, and resolved effectively.
- Ensure clear roles, escalation paths, and communications are in place for security incidents, coordinating with SRE, Engineering, Infrastructure, IT, Legal, Privacy, and Communications teams.
- Lead post‑incident reviews, driving root‑cause analysis, remediation tracking, and systemic improvements.
- Ensure incident response practices align with industry standards and internal risk management expectations.
- Partner with Cloud Security, Application Security, and Engineering teams to ensure security controls, detections, and response requirements are operationalised within cybersecurity operations.
- Integrate outputs from security initiatives into monitoring, incident response, and operational workflows.
- Act as the primary intake point for security‑relevant operational signals from engineering and platform teams.
- Collaborate with partner teams to identify gaps in detection, response coverage, and operational readiness, and drive improvements.
- Serve as an escalation and advisory point for security‑related operational issues.
- Ensure effective visibility and response capability across all environments, aligned to risk and threat models.
- Oversee integration of logging, telemetry, alerts, and playbooks into operational tooling.
- Validate that new systems, services, and changes are covered by monitoring and incident response processes.
- Continuously assess and improve operational coverage to support incidents across an evolving technology environment.
- Own the operational vulnerability management lifecycle, ensuring vulnerabilities are identified, prioritized, remediated, and tracked to closure.
- Use risk‑based prioritization to balance remediation effort with business impact and operational realities.
- Translate security findings and trends into clear, actionable insights for stakeholders.
- Lead, mentor, and develop cybersecurity operations engineers, fostering accountability and continuous improvement.
- Provide direction to embedded or partner resources (e.g., Sonata) to ensure clear expectations and alignment to 2U standards.
- Contribute to workforce planning, skills development, and operational maturity of the cybersecurity operations function.
Qualifications
- 5+ years of experience in cybersecurity or security operations, with progression into technical leadership or people management.
- Experience leading or supporting security operations, incident response, or threat management in complex environments.
- Working knowledge of AWS; exposure to GCP or Azure is a plus.
- Comfortable with scripting/automation (Python, Bash) to guide and review operational improvements.
- Experience partnering on CI/CD and DevSecOps initiatives to inject security signals into detection and response.
- Familiarity with cloud‑native and containerised environments and their operational security risks.
- Hands‑on experience with SIEM and EDR platforms supporting security monitoring, investigation, and incident response.
- Experience with SOAR workflows and WAF technologies to support security automation and application protection is beneficial.
- Strong analytical judgment, able to make risk‑based decisions under pressure.
- Clear communicator with both technical teams and senior stakeholders.
Benefits
Full‑time, ZA benefits include:
- 2 complimentary Getsmarter short courses per year
- Subsidised medical aid with Discovery Health Medical Scheme
- 4% 2U contribution towards Discovery Life Pension Fund and Group Risk Benefit
- Employee Assistance Program (EAP)
- Generous leave policy including time off to volunteer, study leave, sports leave, and company‑wide festive season break
We offer comprehensive benefits (unique per country) and excellent work/life balance.
Equal Opportunity Statement
2U is an equal opportunity employer that does not discriminate against applicants or employees and ensures equal employment opportunity for all persons regardless of race, creed, color, religion, sex, sexual orientation, gender identity, pregnancy, national origin, age, marital status, disability, citizenship, military or veteran status, or any other classifications protected by applicable laws. 2U’s equal opportunity policy applies to all terms and conditions of employment, including recruiting, hiring, training, promotion, and job benefits and pay.
2U is strongly committed to diversity within its community and especially welcomes applications from South African citizens who are members of designated groups who may contribute to Employment Equity within the workplace and the further diversification of ideas. We are required by law to verify your ability to work lawfully in South Africa.