Operations Security Manager (Permanent)

We have been closely working with a company in the power sector to build an in-house security team and we are in search of a Security Operations Manager. They are looking to become the best performer in its sector and building a team to achieve this through the provision of technology solutions, as well as optimising current solutions to improve how the company operates.

This role works closely with the Cyber Security Architecture Manager, Cyber Security Testing Manager, Cyber Security Governance Manager, Cyber Security Portfolio Manager, and Cyber Security Engineering Manager. This role will support all other team members, the rest of the Information Systems team, IT Service Providers, and business stakeholders across the company to implement and optimise cyber security operations capabilities.

Accountable for managing the Cyber Security Response team and the quality of third-party services and deliverables, reviewing performance, and driving continuous improvement. Take the lead management responsibility for all cyber security event monitoring and incident response services received from all partner organisations with particular focus on the company’s Managed Security Service relationship (MSS).

Proactively manage the search for cyber threats that may go undetected in our environment that have evaded our automated security tools and defences. Accountable for Cyber Security incident response management including the establishment, maintenance, and improvement of cyber security incident response plans, procedures, and playbooks.

Manage post-incident activity to include scheduling and chairing Post Incident Reviews (PIR), the documentation of Root Cause Analysis (RCA) for security incidents, and the tracking of actions to prevent incident recurrence and strengthen relevant controls. Plan, execute, and learn lessons from regular cyber-attack simulation exercises to test the company’s IT and organisation resilience to improve cyber defences and attack preparedness.

Manage and maintain the suite of Cyber Security tools and platforms to enable effective prevention and detection of cyber threats. Drive security orchestration, automation, and response (SOAR) solutions for systems and operational playbooks to enable efficient discovery of security events and response actions.

Produce relevant and accurate cyber security metrics dashboards and reports for both technical and business stakeholders on the performance and effectiveness of the company's continuous cyber security monitoring, defence, and incident response capabilities. Drive and undertake effective role-modelling, coaching, mentoring, development, motivation, and evaluation of staff within the team, creating an environment where the team excels.

Support the development and implementation of the company's Cyber Security Strategy ensuring alignment to the company vision, values, and strategic objectives. Deputise for the Head of Cyber Security and Technology Risk as required for certain pre-agreed tasks and activities.

Minimum Requirements:

• 5 years+ experience leading Cyber Security Defence and Operations teams.
• Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.
• Hold an industry recognised information security qualification such as GIAC/GCIA/GCIH, CISSP or CompTIA Advanced Security Practitioner (CASP+) and/or SIEM-specific training and certification.
• An understanding and knowledge of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISA/IEC 62443, ISO/IEC 27001/27002, GDPR.
• Working knowledge of security technologies including but not limited to SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics.
• Practical experience of incident response governance (lifecycles, frameworks, incident handling, etc.) and developing incident response playbooks/processes, Security Orchestration, Automation and Response (SOAR), running red-team exercises and tabletop crisis war games.
• Working knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention tools and technologies preferably including FortiSIEM, Q-Radar, Sentinel, Darktrace, Microsoft Defender.
• Log correlation and analysis, including chain of custody and forensics investigations and requirements.
• Experience managing suppliers for an outsourced Managed Security Services (MSS) in an environment with both internal and external IT service providers.
• Experience with monitoring Operational Technology (OT) systems, including Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA).