The Role:
Our client is seeking a Cyber Security Operations Manager for a 6-month contract (likely to be extended). The role is responsible for overseeing the day-to-day operations of the Security Operations Centre (SOC), including detection, threat and vulnerability management, and incident response. This position provides senior operational oversight, serves as a key point of contact for outsourced detection and response services, and ensures that security operations processes are effective, mature, and continuously improving.
Responsibilities:
Security Operations & Incident Management
- Manage the execution of Security Operations Centre (SOC) capabilities, ensuring the efficient and effective operation of detection, threat management, vulnerability management, and incident response activities.
- Support the team in ensuring the security operations toolset is deployed across the estate.
- Perform daily checks and trend analysis of SOC alerts.
- Act as a key contact for the outsourced detection and response provider, managing operational stakeholders.
- Oversee the triage of security events from a wide range of sources, including employee reports, security systems and threat intelligence feeds.
- Manage analysis and coordinated response to detected events, ensuring appropriate containment, investigation, escalation, and communication in line with defined severity and impact thresholds.
Threat & Vulnerability Management (TVM) Oversight
- Provide operational oversight of Threat and Vulnerability Management activities, ensuring vulnerabilities are identified, prioritised, tracked, and remediated in line with risk‑based approaches.
- Ensure effective coordination between Security Operations, Technology, and third‑party teams to support timely remediation of identified vulnerabilities.
- Oversee vulnerability risk acceptance, exception handling, and escalation processes where remediation timelines cannot be met.
- Monitor vulnerability trends, exposure levels, and remediation performance, ensuring risks are understood and communicated to relevant stakeholders.
- Support continuous improvement of TVM processes, including integration with detection, incident response, and reporting capabilities.
Runbooks, Automation & Capability Improvement
- Ensure detection, protection, response, recovery, and TVM runbooks are maintained, up to date, and consistently followed across Security Operations.
- Drive optimisation and automation of SOC and TVM processes where feasible, improving efficiency and reducing manual effort through effective use of security technologies.
- Identify and implement lessons learned from incidents, vulnerability trends, and testing activities to strengthen overall security posture.
Service Integration & Operational Readiness
- Ensure the effective integration, onboarding, and operational handover of new security services and technologies into SOC monitoring, detection, and vulnerability management capabilities.
- Support operational readiness for new services, including documentation, runbooks, escalation paths, and operational acceptance.
Reporting & Stakeholder Management
- Provide clear operational reporting, summaries, and metrics covering incidents, detection effectiveness, and vulnerability risk posture to key stakeholders.
- Communicate effectively with technical teams, third‑party providers, and senior stakeholders during security incidents and operational reviews.
Required Experience & Skills
- Proven experience managing Security Operations and/or SOC functions in a complex enterprise environment.
- Strong understanding of detection and response operations, incident management, and Threat & Vulnerability Management practices.
- Experience managing or working closely with outsourced SOC or managed detection and response providers.
- Ability to operate confidently during security incidents and communicate clearly under pressure.
- Excellent stakeholder management and written/verbal communication skills.
Desirable:
- Experience improving SOC and TVM maturity through process optimisation and automation.
- Familiarity with risk‑based vulnerability prioritisation and remediation governance.
- Experience operating within large‑scale, regulated, or multinational environments.
- Posted: Apr 06, 2026
- Type: Contract
- Level: Mid-Senior
- Location: Dublin
- Company: Capaciteam