Cyber Operations Director

Purpose of the Role

To monitor the performance of operational controls, implement and manage security controls, and consider lessons learned in order to protect the bank from potential cyber-attacks and respond to threats.

• Manage security monitoring systems, including intrusion prevention and detection systems, to alert, detect, and block potential cyber security incidents, and provide a prompt response to restore normal operations with minimized system damage.
• Identify emerging cyber security threats, attack techniques and technologies to detect/prevent incidents, and collaborate with networks and conferences to gain industry knowledge and expertise.
• Manage and analyze security information and event management systems to collect, correlate, and analyze security logs, events, and alerts/potential threats.
• Triage data loss prevention alerts to identify and prevent sensitive data from being exfiltrated from the bank's network.
• Manage cyber security incidents, including remediation and driving them to closure.

To manage a business function, providing significant input to function-wide strategic initiatives, contributing to and influencing policy and procedures, and leading an organization-wide team or sub-function while embedding a performance culture aligned to the values of the business.

Serve as a deep technical expert and thought leader, identifying new ways of working and collaborating cross-functionally, training, guiding, and coaching less experienced specialists, and offering information that impacts long-term profits, organisational risks, and strategic decisions.

Provide expert advice to senior functional management and committees, influence decisions made outside the own function, and manage, coordinate, and enable resourcing, budgeting, and policy creation for a significant sub-function.

Ensure compliance with regulations and relevant processes, maintain operational excellence, and represent the function as the principal contact point for key clients and counterparts in other functions and business divisions.

• Lead and evolve the enterprise Cyber Threat Intelligence (CTI) programme, delivering strategic, operational and tactical intelligence to proactively identify, assess and mitigate threats targeting the organisation and the broader financial services sector.
• Direct and develop a global team of threat intelligence analysts, setting priorities, allocating resources, and leveraging advanced technologies, including AI and LLM capabilities, to maximise intelligence collection, effectiveness and operational efficiency.
• Oversee threat research and analysis, including threat actor profiling, indicators of compromise (IOCs), tactics, techniques and procedures (TTPs) and emerging threat trends, to support threat hunting, detection engineering, vulnerability management and incident response activities.
• Partner with CSOC, Incident Response, CISO functions and broader Intelligence functions to provide actionable intelligence during cyber incidents, enhance defensive controls and improve organisational cyber resilience.
• Maintain operational intelligence‑sharing relationships with FS‑ISAC, industry peers, government agencies and trusted external partners to strengthen situational awareness, intelligence collection capabilities and support broader external cyber engagement and partnerships.
• Translate complex intelligence assessments into executive-level briefings, strategic risk insights and actionable recommendations for senior leadership, business stakeholders and board-level audiences.
• Mature and implement threat intelligence operating model, frameworks, processes and intelligence requirements, ensuring alignment with business objectives, risk management priorities and the evolving threat landscape.

• Deep expertise in Cyber Threat Intelligence, cybersecurity operations, incident response and risk management, with extensive knowledge of threat actor methodologies, MITRE ATT&CK, cyber kill chain frameworks and threats relevant to the financial services sector.
• Proven leadership experience building, scaling and managing enterprise threat intelligence functions within large, complex organisations, including people leadership, capability development, performance management and strategic resource allocation.
• Demonstrated success designing and enhancing threat intelligence programmes, platforms and processes, including the deployment and optimisation of Threat Intelligence Platforms (TIPs), OSINT capabilities, intelligence automation and integration with security operations.
• Strong technical background in threat intelligence analysis, threat actor tracking, campaign analysis, security research, threat hunting, detection engineering and the development of scalable cybersecurity solutions supporting detection, response and vulnerability management.
• Experience leveraging and integrating security technologies, including SIEM and SOAR platforms (e.g., Splunk), to ope rationalise…