Cyber Security Operations Manager at Met Office, Remote/Exeter, 6 Months, £Contract Rate

Contract Description

Job Summary & Purpose

The Cyber Security Operations Manager is a leadership role responsible for overseeing the Security Operations Centre (SOC) within the Cyber Security team.

The Cyber Security Operations Manager will design, implement and continuously improve the department’s Security Operations strategy, ensuring rapid detection, response and recovery from cyber threats and incidents. The role will lead a team of security professionals and embed security practices in line with best practice standards.

The role has management responsibility for 8+ team members.

 

SC Clearance is an essential requirement for this role; as a minimum you must be willing and eligible to undergo checks. Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.

 

As a Cyber Security Operations Manager your main responsibilities will be:

  • Team Leadership and Development: Lead, manage and mentor a team of cyber security analysts to ensure the team operate effectively. Develop the team utilising the career framework to identify learning needs and career pathways.
  • Incident Management: Lead incident detection, triage, escalation and resolution processes, assessing impacts and directing appropriate measures to contain and mitigate threats; conduct post‑incident reviews and drive continual service improvement, including exercising to test procedures.
  • Security Monitoring: Be the escalation point for alerts. Provide direction for improvements to monitoring systems for our environment covering specific technologies or threats. Direct the development and tuning of new and existing rules.
  • Threat Intelligence: Stay up to date on the latest cyber threats and attack techniques, incorporating threat intelligence into security practices, cascading to relevant stakeholders.
  • Reporting and Metrics: Define cyber security metrics and targets. Prepare and present regular reports on security incidents and trends to management, translating technical metrics into business-focused risk insights.
  • Vendor & Stakeholder Management: Oversee service providers, managing Service Level Agreements (SLAs) and Key Performance Indicators (KPIs); serve as the principal interface with cross‑government departmental SOCs.
  • Budget Management: Support the management of the department budget to ensure optimal allocation of resources to meet security objectives.

 

Essential:

  • Team Leadership Experience: Demonstrated ability to lead and manage a team; this includes decision-making, effective communication and service management skills.
  • Incident Management: In-depth knowledge of incident management processes, including the ability to assess the impact of critical security incidents and lead the response efforts, ensuring procedures are available and maintained.
  • Security Monitoring: Proven experience delivering an effective security monitoring capability, with continuous improvements that reflect changes from risks and threats in a timely manner, including proactive threat hunting and intrusion detection.
  • Threat Intelligence: Proven experience delivering threat intelligence and assessment in the context of the organisation to stakeholders by gathering and analysing information to identify and mitigate cyber threats from both open-source (OSINT) and commercial threat intelligence.
  • Cyber Security Operations: Proven experience operating cyber security solutions and tools (e.g. Security Information and Event Management (SIEM)), maintaining security records and documentation in accordance with security operating procedures.
  • Vendor & Stakeholder Management: Demonstrated experience in managing relationships with external vendors, managed security service providers (MSSPs), and technology partners, ensuring contractual obligations, service level agreements (SLAs), and performance metrics are consistently met or exceeded.

 

Desirable:

  • CISSP, CISM or equivalent professional cybersecurity certification
  • Experience with Cloud Security (AWS, Azure)
  • ITIL Foundation (or equivalent) service management qualification