Director, Cyber Security Operations and Threat Management in Glasgow

The Director for Security Operations and Threat Management is a strategic, and technically-grounded lead of our information security team, performing duties through processes and procedures necessary to ensure the safety of information systems and applications on premise and in the cloud. This role assists with protecting the confidentiality, integrity, and availability of company and customer data. This role is the primary architect of our defense-in-depth strategy, overseeing the teams (internal and external) responsible for detecting, neutralizing, and preventing cyber threats. You will bridge the gap between high-level security strategy and hands-on operational excellence, ensuring our global infrastructure—on-prem and cloud—remains resilient against an ever-evolving threat landscape. In addition, the Director will manage and monitor various security systems/tools and supports the assessment of system security controls. The ideal candidate is a “leader-doer” who can manage the security of complex environment while remaining sharp enough to deep-dive into an incident response bridge or a cloud architecture review.

Duties and Responsibilities

• Detection Strategy: Build and maintain a world-class Threat Intelligence program to pivot from reactive to proactive defense.
• IR Leadership: Serve as the ultimate escalation point for high-priority security incidents, leading the Incident Response team through containment, eradication, and recovery.
• Hunting: Establish regular threat-hunting cadences to identify dormant or sophisticated actors within the environment. Stay abreast, and keep up with the latest threats and analyze the impact to the Jazwares environment.
• SOC Oversight: Manage the 24/7 Security Operations Center (MSSP) to ensure high-fidelity alerting and low Mean Time to Resolve (MTTR).
• Tooling Optimization: Own the security stack (SIEM, EDR, XDR, SOAR). Ensure tools are integrated, automated, and providing maximum ROI rather than just generating “noise.”
• Automation: Drive a “Detection as Code” philosophy to automate repetitive tasks and manual investigative steps.
• Tool Custodian: Be the custodian of all security tools such as PAM, Email Security, Backup and Recovery, etc.
• Technical Leadership: Provide technical leadership and oversight to security operations activities and initiatives.
• Business Continuity and Disaster Planning: Participate in business continuity and disaster planning.
• Support and Guidance: Provide guidance and support on security issues to other departments.
• Security Measures: Ensure all software within the network has adequate security measures in place.
• Metrics and Reporting: Propose metrics and prepare reports to show current security posture.
• Monitoring: Monitor system events, log files, and alerts.
• Cloud Governance: Define security guardrails for AWS/Azure/GCP environments, focusing on IAM, VPC security, and serverless protection.
• Infrastructure as Code (IaC): Partner with DevOps to integrate security checks into CI/CD pipelines (DevSecOps).
• Engineering Excellence: Lead the design and deployment of scalable security solutions that support business growth without introducing friction.
• Lifecycle Management: Oversee the end-to-end vulnerability management process, from discovery and risk-based prioritization to remediation tracking.
• Exposure Management: Move beyond simple patching to manage the “attack surface,” including external digital footprints and shadow IT.
• Security Blueprints: Collaborate with Enterprise Architects to ensure security is “baked in” to new product builds and internal migrations.
• Zero Trust: Lead the transition toward a Zero Trust Architecture, focusing on identity-centric security and micro-segmentation.
• Security Requirements: Determine security requirements and security controls for new systems.
• Architectural Diagrams: Develop and maintain architectural diagrams.
• Team Coaching: Coach team members and manage work plan on assigned projects.
• Any other tasks assigned by Manager.

Education and Experience

• Minimum 8 years of experience within Information Security.
• At least 3 years of experience Threat Management and Security Operations.
• At least one of the following certifications required: CISSP, CCSP, CASP+, any SANS GIAC or equivalent is preferred.
• AWS certifications such as “AWS Certified Security - Specialty” highly desired.

Required Knowledge, Skills, Abilities

• Thorough understanding of the following areas: Threat Management, Security Operations, Application Security, Cloud Security, Data Security, Endpoint Security, Network Security, and User Access Security.
• Knowledge of security frameworks and standards such as NIST CSF, ISO27000, and/or CIS.
• Self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism.
• Ability and desire to take ownership of multiple tasks and responsibilities.
• Experience designing or implementing an enterprise level Security Program.

Equal Opportunity Employer. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.