Head of Security Operations Centre in London

As Head of Security Operations, you will have a minimum of 5 years' experience in similar roles, proficient at managing globally dispersed teams, providing strategic technical direction and comfortable in challenging approaches while driving security efficacy. The ability to communicate effectively and concisely with a range of stakeholders such as technical experts, architects, external partners and our Director of Information Security is a must.

You will have a proven track record of building or transforming a resilient 24x7x365 Security Operations function, delivering capabilities such as SIEM, SOAR, Vulnerability & Threat management, offensive and defensive security, E-mail security, Network firewall, NDR, IDS/IPS, EDR and Web Application firewall. You will be a strategic thinker with the ability to lead highly technical teams in a complex environment and be comfortable 'thinking outside of the box'. You will be able to continually demonstrate and improve service value to our customers through well-defined KRI's.

As you build and mature the Security Operations capability you will initially be expected to lead major security incidents and be on-call as the senior escalation for out of hours on rota, for which there is a generous allowance.

If you can inspire teams, have resilience, see the 'big picture', and deliver measurable results; this is the role for you!

Strategy & Leadership

• Provide thought leadership that will inspire, challenge and motivate the team.
• Drive a culture of curiosity, accountability and continuous improvement.
• Provide clear strategic direction and oversight holistically across operations, detection engineering and automation engineering that drive measurable, high impact improvements and outcomes to our SOC capabilities.
• Define, implement and continually evolve a 3 year Security Operations strategy.
• Define and manage all aspects of the Security Operations budget (CapEx and OpEx).
• Create, maintain and update the Security Operations roadmap and align delivery plans.
• Define and execute a people strategy to deliver a highly skilled and resilient SOC capability.
• Provide strong leadership and direction that fosters proactive collaboration across the information security team and wider organisation.
• Go beyond the hype of AI and translate it into a genuine force multiplier across operation, increasing visibility and reducing incident response validation and response times.
• Look for opportunities to promote and continue to grow the visibility and value of security operations internally and across the client base.
• Build and maintain relationships across internal and client technology teams.

Operational

• Be the senior escalation point for the team.
• Embed security operations throughout projects and operational readiness to minimise blind spots.
• Maintain, measure and continually evolve effective On-Call capabilities.
• Develop, maintain and evolve Security operations service catalogue.
• Drive continued preparedness through regular 'test' incident response scenarios.
• Evaluate new and existing technologies and ensure they continue to meet requirements.
• Build robust, repeatable processes leveraging automation where possible to eliminate single points of failure in people and technology.
• Drive clear prioritisation and minimise time spent on low value work.
• Create status reports, briefing packs on all aspects of security operations for senior management.
• Identify areas of improvement and efficiencies in our technical approaches and ways of working.
• Lead, manage, direct and orchestrate major security incidents bridging communications between operational teams and executive leadership.
• Manage existing vendors to ensure continued value from vendors and technology.
• Look for opportunities to work with social media, fraud, service management and other teams to gain early insights into potential threats to turn reactive response into proactive response.
• Horizon scan new threats, attack techniques and technical mitigations and evaluate against the organisation's exposure, communicating these up to the Director of Information Security.
• Support where necessary technical security reviews and risk assessments to ensure solutions are in place to mitigate risks to the organisation.

• Deep understanding of core security controls e.g., Endpoint Detection Response, WAF, SIEM / SOAR, Identity and Access Management, Data security, system hardening.
• Work closely with the Head of GRC and Head of Security Engineering & Architecture to deliver security operations as a part of a comprehensive end-to-end information security service.
• Solid understanding of Operating Systems (Windows, Linux and Mac OS).
• Experience scripting in Bash, PowerShell and/or Python.
• Able to get 'hands on' when required, to validate configurations or support the team.
• Ability to make quick and effective decisions around tactical security measures.
• Provide strategic security input into wider modernisation initiatives (act as a Cyber security consultant / SME on technical control deployments).
• Have an engaging, motivating and inclusive approach to management.
• Develop robust training plans across the team.
• Forecast and manage proactively all aspects of budgeting requirements.
• Ability to balance evolving strategic and operational priorities.
• Challenge technical approaches in a constructive manner to reduce security risk in the most effective manner.
• Data driven, outcome focused mindset to drive 'big picture' results while maintaining operational continuity and efficacy.
• Solid implementation experience of industry frameworks such as MITRE & CIS.
• A good understanding of AI frameworks (NIST AI RMF, OWAS LLM & Agentic Top 10, MITRE ATLAS).
• Comfortable working in a Hybrid (On-Prem and Cloud/ SaaS) environment.
• Able to travel nationally, within EU and internationally.
• Excellent verbal, presentation, planning and written communication skills.

We value experience over qualifications; however, the following would be a plus:

• CISSP (inc concentrations such as ISSAP, ISSEP, ISSMP).
• CISM.
• GIAC Practitioner.
• BSc Computer Science/ Security.
• MSc Information Security.

The above list of duties is not exclusive or exhaustive and the post holder will be required to undertake tasks that are reasonably expected within the scope and grading of the post.