Cyber Security Operations Manager

As Security Operations Manager at Two Circles, you play a key role in keeping our systems, people and data safe from external and internal threats by focusing on incident detection, response and remediation; threat hunting; security monitoring; continual improvement and providing technical assurance for solution design and changes. This will include maintaining and improving our security posture in tandem with GRC practices and policies as they evolve to align with current and future standards and frameworks, such as SOC 2, ISO 27001, as well as applicable legislation, including GDPR and UK DPA, working closely with our Legal and Privacy as well as the wider Technology team.

Internally-facing, you will help train and upskill your fellow Two Circlers on topics such security awareness, OWASP Top 10 and Security by Design, as well as understanding and feeding into their processes and workflows, to keep good security practice on the agenda. Externally, this role will also engage with our fascinating clients as appropriate to support their security assurance needs, as well as our technology partners and suppliers to ensure their alignment with our security approach and requirements.

Internally, you will be responsible for our Security Operations activities with our operational team and external partners, including Incident Response and Threat Intelligence, to ensure these are executed consistently to our standards, as well as supporting Continual Security Improvement and being the Tech Ops representative in the GRC working group.

Your main duties & responsibilities:

• Operationalising and ensuring delivery of security policy, standards and procedures
• Assuring day-to-day execution of operational security tasks across multiple areas including threat and vulnerability management, anti-virus management, security monitoring etc
• Supporting the Technology team to keep information security infrastructure up to date with emerging threats and vulnerabilities, including advising on architecture and design of internal and client-facing solutions
• Providing technical expertise towards compliance initiatives and programmes e.g. ISO 27001, Cyber Essentials Plus, GDPR
• Technical aspects of vendor and partner security reviews
• Increasing the levels of understanding of Information Security with end users, leading to improved user interactions and overall experience with our team
• Thinking of and implementing new ways to automate and improve security across the business
• Protecting the data entrusted to us by our clients at all times

The ideal background and skills we are looking for include:

• Experience with GDPR/UK Data Protection, Cyber Essentials and ISO 27001 frameworks
• Managing technical risks and proposing solutions and recommendations
• Security Operations procedures, i.e. Incident management and response
• Configuring, optimising and reporting with Microsoft 365 Security and Compliance modules, including Defender, Security Centre, Protection, Compliance Centre
• Configuring and maintaining endpoint security technologies (AV, firewall, encryption, email protection, web filtering)
• Azure security tooling including Security Centre, Defender, Sentinel, Intune
• Able to understand and effectively communicate technical concepts in discussions with both technical and non-technical colleagues
• Broad knowledge around network technologies (especially cloud) and technical security
• Awareness of architectural principles for technical solution design, e.g. Zero Trust, least privilege RBAC, Security by Design, PAM, Segregation of Duties
• Data Protection and DLP

Experience with the following would also be beneficial:

• NIST, SOC2 and additional compliance and regulatory frameworks
• Project Management and technical delivery
• Experience of, or a keen interest in, the business of sport