Associate Director, Cyber Security

Vacancy Name

Associate Director, Cyber Security

Vacancy No

VN796

Employment Type

Permanent

Location of role

Gaithersburg, MD, Radnor, PA, Oxford, UK

Department

Information Technology

Key Responsibilities

As part of IT Operations, the Associate Director of Cyber Security's primary responsibility is to lead and manage Immunocore's cyber security strategy and day-to-day cyber security operations. This is a hands-on position and involves leveraging our Cisco security suite to develop and implement comprehensive security layers, policies, procedures, and protocols aimed at protecting our digital assets and employees from modern cyber threats.

The primary purpose of this role is to leverage emerging expertise and subject matter knowledge in Cyber Security to address significant and unique complex issues, aligning work with the wider Immunocore's strategy. The individual will interpret internal and external business challenges, recommend best practices, and identify new solutions to improve products and processes. They will make timely, tough decisions, effectively dealing with ambiguity and limited information.

Key Responsibilities:

* Design and implement comprehensive, layered security architecture across on-premises, Azure, and AWS environments - including endpoint, network, identity, cloud, and data security controls.

* Monitor external cyber security, regulatory, and technology developments to identify risks, opportunities, and improvement priorities for the business.

* Own the SIEM platform - including use case development, alert tuning, log source onboarding, and ensuring coverage across cloud and on-premises environments.

* Develop and maintain SOAR playbooks to automate detection and response workflows, reducing mean time to respond (MTTR).

* Integrate threat intelligence feeds and use them to proactively tune detection logic and inform risk decisions.

* Conduct and manage vulnerability assessments and penetration testing programmes, tracking remediation to closure.

* Assisting in design and architecture of our Global IT infrastructure and Cyber Security solutions, ensuring they meet business requirements, scalability needs, industry, and security standards.

* Continuously optimise infrastructure to enhance security, while adhering to industry standards and compliance requirements.

* Drive continual improvement of cyber governance, assurance, and control effectiveness across the organisation.

* Deploy and maintain complex backend security infrastructure and products across various environments, including on-premises, Azure, and AWS.

* Oversee Linux and Windows infrastructure security hardening, aligned to CIS benchmarks and internal standards.

* Investigating and resolving complex cyber alerts, technical issues and incidents related to our environment. Participating in on-call rotations as required providing timely response to critical incidents.

* Manage Immunocore's relationship with the external SOC provider, defining SLAs, escalation paths, and reporting cadence, and ensuring value is being delivered.

* Own and maintain Immunocore's cyber security strategy, roadmap, and policies, ensuring they are aligned to business objectives and relevant regulatory frameworks (ISO 27001, NIST, GDPR, GxP, Cyber Essentials).

* Design and deliver a security awareness programme that engages employees at all levels - including phishing simulations, targeted training, and management reporting.

* Act as a trusted advisor to the business on security matters, balancing risk management with operational pragmatism.

* Lead functional teams or projects, serving as a best practices resource, and providing guidance, coaching, and mentorship to professional and managerial employees.

Supervisory Responsibility (If applicable):

* Supervise external Cisco SOC and provide guidance/mentorship engineers within the IT team.

* Support and manage one Cyber Security Engineer.

Education, Experience and Knowledge:

Essential

Qualifications:

* Bachelor's degree in Cyber Security, Information Security, Computer Science, or a related field with a minimum of 4 years in a senior cyber security role (L3+), with demonstrated experience leading security operations, strategy, and incident response.

* Hold a current recognised security certifications such as CISSP, CISM, CISA, or CCNP Security.

* Proven experience owning and operating SIEM, SOAR, EDR, and vulnerability management platforms in a multi-cloud (Azure/AWS) and on-premises environment.

* Strong knowledge of security frameworks and regulatory compliance (ISO 27001, NIST, GDPR, Cyber Essentials) with experience developing and maintaining security policies, roadmaps, and risk registers.

* Expert with security hardening principles across Linux and Windows, with the ability to implement and audit controls in line with CIS benchmarks.

* Experience managing external SOC providers, including defining SLAs, escalation procedures, and performance metrics.

* Demonstrated ability to lead and mentor security staff, manage vendor relationships,…