Cyber Security Operations Manager in Liverpool

Location: Liverpool City Centre on a Hybrid working basis

Salary: Up to £75,000 per annum Depending on experience

Job Type: Permanent, Full Time

Working Hours: 37.5 hours per week, Monday to Friday

Acorn are looking to recruit a brand-new role as a Cyber Security Operations Manager. The Cyber Security Operations Manager will lead the operational security function responsible for protecting the organisation's information assets, technology services, and users. This role oversees all security operation functions, incident response, threat detection, vulnerability management, and continuous improvement of the organisation's security posture. Working closely with Infrastructure, Cloud, Architecture, Governance, Compliance and Risk teams, the manager ensures that security operations are proactive, resilient, and aligned with business needs.

Responsibilities:

• Lead and manage the daily operations of the internal Security Operations team and primary relationship with any outsourced SOC solution ensuring 24/7 monitoring and response coverage.
• Oversee cyber defence capabilities including SIEM, SOAR, EDR/XDR, threat intelligence, and identity protection.
• Develop and maintain operational procedures, playbooks, and response frameworks.
• Direct the full incident response lifecycle: detection, triage, containment, eradication, recovery, and post-incident review.
• Coordinate major incident management with IT Infrastructure, Cloud, and Business teams.
• Ensure lessons learned are captured and drive meaningful improvement.
• Oversee the vulnerability management programme, ensuring timely identification, prioritisation, and remediation of risks.
• Partner with asset owners to ensure patches, configuration hardening, and remediation actions are completed.
• Support risk assessment processes and provide input to security governance and compliance teams.
• Ensure the design, tuning, and optimisation of detection rules, alerts, and correlation logic across security platforms.
• Drive automation initiatives using SOAR to improve response speed and reduce operational workload.
• Maintain robust coverage across cloud, on premise, network, and endpoint environments.
• Build capability through training, certifications, and knowledge-sharing programmes.
• Work with technology, business, and leadership teams to communicate risks, incidents, and security posture.
• Support audits, regulatory assessments, and customer assurance activities.

Requirements:

• Experience managing a SOC or security operations function within a complex enterprise environment.
• Strong understanding of SIEM, SOAR, EDR, IDS/IPS, firewalls, and cloud-native security tooling.
• Knowledge of cyber security frameworks such as NIST CSF, MITRE ATT&CK, ISO 27001, or CIS Controls.
• Demonstrated expertise in incident response and threat management.
• Experience working in hybrid cloud environments (Azure, AWS, or GCP).

Benefits:

• 35 days' holiday (including bank holidays) with additional buy/sell options.
• 24/7 mental health support & free counselling available.
• Flexible benefits, including early access to salary via our internal platform.
• Hybrid working options to support work-life balance and individual needs.
• Recognition awards, social events & more.

Before applying, please know: If your application is successful, we will run relevant employment checks prior to your employment with us. These will include a standard criminal record check and an insolvency register check.

Visa Requirements: We can only consider applicants who have at least one year remaining on their Graduate or Post-Study Work visa. At the moment, we're not able to offer visa sponsorship.

We're Here to Support You: We're committed to creating an inclusive, supportive workplace where everyone can flourish. If you need any adjustments during the recruitment process-or once you're part of the team-we'll work with you to make sure you can do your best work.

Please click the APPLY button to submit your CV for this role.