Cyber Security Operations Manager

Job Purpose

The Cyber Security Operations Manager is responsible for leading and overseeing the organisation’s cybersecurity operations while acting as a bridge between internal business needs and external security service provider. This position ensures the effective management of security operations, including investigations, technical inquiries, and requests from managed services.

The role involves managing incidents reported by external service providers, providing technical expertise to the business, and overseeing continuous technical improvement to ensure alignment with the organisation's overall security strategy.

Key Responsibilities

• Serve as the primary point of contact for managed security service provider to ensure   seamless collaboration between the business and external vendor.
• Oversee and manage security services, conducting regular reviews of SLAs, performance metrics, and operational effectiveness, and ensuring timely follow-ups and escalations as required.
• Provide technical expertise in evaluating, designing, and recommending security tools and services while collaborating with internal stakeholders to efficiently onboard and integrate new processes and tools.
• Manage the incident response lifecycle, including preparation, detection, containment, recovery, and the resolution of security incident tickets, ensuring detailed post-incident analysis and reporting.
• Lead technical projects related to cybersecurity, ensuring alignment with business objectives and compliance requirements.
• Participate in the business change control processes to assess and mitigate security risks.
• Act as an escalation point for security incidents and support in resolution.
• Provide governance approvals for IT tickets requiring security authorisation.
• Drive continuous improvement by identifying and implementing service enhancements and process optimisation.

Key Skills/Experience

• Proven experience managing external managed security services.
• Strong technical background in cybersecurity operations, with hands-on expertise in:
  • Networking concepts (TCP/IP, DNS, firewalls, VPNs, etc.).
  • Microsoft security solutions (Azure AD, Microsoft Defender, etc.).
  • Security Information and Event Management (SIEM) platforms.
  • Endpoint Detection and Response (EDR) solutions.
• Familiarity with governance frameworks and compliance standards, including PCI DSS, ISO 27001, and GDPR.
• Incident response experience, including familiarity with forensic investigation tools and processes.
• Relevant certifications such as SANS/GIAC (e.g., GCIH, GCIA), CISSP, CISM, CEH, or equivalent.
• Excellent communication and stakeholder management skills, with experience liaising between technical and non-technical audiences.
• Ability to lead technical discussions and contribute to project planning and execution.
• Experience in creating and reviewing security documentation, including policies, procedures, and post-incident reports.
• Strong problem-solving skills with a proactive and solution-focused approach.

Not sure you meet all the criteria? We'd encourage you to take the wheel and apply anyway! At Halfords we are committed to creating an inclusive workplace for our colleagues. We're an equal opportunities employer and proud to welcome applications from all backgrounds and embrace diversity within our one Halfords Family