Manager: Cyber Security Operations

THE JOB AT A GLANCE

As the Manager:
Cyber Security Operations, you are responsible for managing the day-to-day execution of cyber security operations to ensure effective monitoring, detection, response and recovery across the organisation’s technology environment. Your role supports the Head of Cyber Security Operations in maintaining a resilient and intelligence-driven cyber defence capability that is aligned to operational priorities, risk requirements and service expectations.

• Manage the day‑to‑day operation of the Security Operations Centre (SOC), ensuring continuous monitoring, alert triage, investigation, and timely escalation
• Oversee the effective use of the SIEM platform, including monitoring coverage, use case execution, alert quality, and operational tuning
• Support the optimization of detection rules, use cases, and alert correlation to improve visibility and reduce false positives
• Ensure SOC procedures, playbooks, escalation paths, and service levels are consistently applied and maintained

• Manage operational cyber incident response processes, including detection, logging, triage, escalation, containment, eradication, recovery, and closure
• Coordinate cross‑functional response activities during cyber incidents, working with IT, Legal, Risk and business stakeholders as required
• Support the Head of Cyber Security Operations during major incidents and provide operational leadership during lower to medium severity incidents
• Facilitate post‑incident reviews, root cause documentation and tracking of lessons learned and corrective actions

• Coordinate proactive threat hunting activities aimed at identifying hidden threats, suspicious behaviour and advanced attack indicators
• Support the use of threat intelligence, behavioural analytics and internal testing results to improve monitoring and detection effectiveness
• Assist with internal penetration testing, purple team exercises and validation of detection controls
• Help refine detection use cases in response to changes in threat landscape, attack trends and business risk

• Manage vulnerability scanning schedules, remediation tracking and reporting across infrastructure, applications, cloud platforms and endpoints
• Work with IT teams to prioritise and remediate vulnerabilities based on risk, exploitability and business impact
• Coordinate patch management follow‑up to ensure critical updates are implemented within agreed timelines
• Report on vulnerability posture, patch compliance, remediation performance and areas of material exposure

• Support the planning and execution of cyber resilience activities, including breach simulations, ransomware scenarios and operational readiness exercises
• Coordinate operational preparedness for high‑impact security incidents and support enterprise crisis response structures when invoked
• Assist in testing and validating operational response capabilities, recovery actions and communication procedures

• Coordinate containment, recovery and restoration activities during cyber incidents to minimise operational disruption
• Support forensic evidence handling, investigation coordination and incident documentation in line with policy and legal requirements
• Ensure recovery actions are properly tracked, validated and closed out following incidents

• Support the integration of relevant internal and external threat intelligence into cyber operations processes and monitoring activities
• Ensure threat intelligence is converted into practical detection improvements, watchlists and response actions
• Maintain operational awareness of current cyber threats relevant to the organisation’s industry and environment

• Produce regular operational and management reports covering cyber incidents, SOC performance, threat activity, vulnerability exposure, remediation progress and resilience readiness
• Track and report key performance and risk indicators such as MTTD,…