Director / Head of SOC - Greenfield SOC (Gov.)

Director / Head of Security Operations (Greenfield SOC Build - Central Government)

Contract: 2+ Years
Location: UK Hybrid / Remote
Clearance: SC Desirable
Sector: Central Government / Cyber Security Leadership

Position Overview

This appointment represents a rare opportunity to lead the establishment of a new, world-class Security Operations capability for a major central government organisation. The Director / Head of Security Operations will take ownership of defining the vision, shaping the security operating environment, and leading the implementation of a fully modernised SOC that underpins high-assurance digital services at national scale.

Rather than inheriting an existing function, the successful candidate will design and build the SOC from the ground up-setting strategic direction, selecting and integrating technologies, forming specialist teams, and embedding a proactive, intelligence-led security culture. This role requires a senior cyber leader who has successfully created or transformed SOC environments in government or other highly regulated sectors and who is comfortable operating at the intersection of strategy, architecture, and operational delivery.

Core Areas of Accountability

1. Strategic Leadership and SOC Direction
   
   Establish the long-term vision, purpose, and operating construct for a modern, scalable SOC capable of supporting sensitive, high-volume government digital services.
   Set out the capability roadmap, defining service layers, command structure, resourcing needs, and maturity targets.
   Produce a SOC blueprint that supports reuse, standardisation, and extensibility across wider government environments.
   
   
2. Creation of the SOC Capability
   
   Build out the full operational capability, including monitoring, detection engineering, cyber analytics, threat intelligence, forensics, and incident response.
   Lead the selection, integration, and alignment of tools, platforms, and cloud-native services into a unified security ecosystem.
   Embed automation-first and AI-enhanced approaches to uplift detection, response speed, and operational resilience.
   
   
3. Security Governance, Assurance and Risk Ownership
   
   Provide authoritative leadership across cyber risk, operational assurance, investigative processes, and security governance frameworks.
   Ensure the SOC supports stringent data protection, identity management, and access control requirements, including PIM/PAM.
   Develop coherent processes for resilience, escalation, containment, and recovery across critical services.
   
   
4. Supplier, SME and Ecosystem Coordination
   
   Direct a blended model of internal teams, external partners, SMEs, and specialist consultancies.
   Hold delivery partners to account for performance, quality, and alignment with the SOC strategy.
   Oversee the technical and commercial evolution of services delivered under multi-year Statements of Work.
   
   
5. Stakeholder Influence and Organisational Alignment
   
   Act as the senior cyber representative for the programme, engaging Directors, C-level leaders, digital delivery groups, architects, and operational teams.
   Shape security behaviours, embed best practice, and develop a culture of proactive defence across the organisation.
   Support wider transformation initiatives by advising on security patterns, architectural direction, and investment priorities.
   
   Required Background and Expertise
   
   Leadership experience as Head of SOC, SOC Director, or senior cyber operations leader within central government or a high-assurance regulated environment.
   Proven track record of building SOC capabilities from scratch, including technology architecture, operating models, and service frameworks.
   Deep knowledge of SOC functions, cloud-native defence approaches, security engineering practices, and modern detection and response architectures.
   Strong understanding of identity security, privileged access, data protection controls, and secure-by-design principles.
   Experience governing multi-supplier environments and leading multidisciplinary cyber teams.
   Strong familiarity with cloud platforms (including Azure, AWS and multi-cloud), automation tooling, Terraform, CI/CD pipelines, GitHub, and security-focused scripting such as Python or JavaScript.
   
   Desirable Attributes
   
   Experience contributing to or defining AI-related security strategies, including risk assessment and regulatory interpretation.
   Background developing reusable or exemplar operating models that can scale across multiple business units or departments.
   Ability to thrive in an environment undergoing significant modernisation and organisational change.If interested, please apply and I will be in touch to set up a confidential conversation later today.
   
   GCS is acting as an Employment Business in relation to this vacancy