Security Operations Manager

Position Overview

Rapidly growing FinTech company seeking an accomplished Cybersecurity Operations Manager to take full ownership of its cloud-first security operations function. This is a high-impact, hands-on leadership role with end-to-end responsibility for managing the Security Operations Centre (SOC), incident detection and response, threat intelligence, and cloud-native security engineering, with a strong focus on Google Cloud Platform (GCP).

Operating in a highly regulated, real-time financial services environment, this role requires deep technical knowledge, operational maturity, and experience applying security best practices across a fast-moving cloud infrastructure.

What You'll Do

SOC Leadership & Threat Detection

  • Lead and mentor a team of SOC analysts and engineers, ensuring high-quality coverage across all GCP workloads.
  • Establish and maintain 24/7 detection and response capabilities, fine-tuning alerting rules and monitoring strategies.
  • Deploy and maintain detection rules using Chronicle SIEM, YARA, Sigma, and GCP-native logging tools.
  • Define and maintain runbooks, incident playbooks, and escalation procedures.

Incident Response & Threat Intelligence

  • Own the full life cycle of security incidents from detection to remediation and post-incident review.
  • Perform advanced threat hunting and root cause analysis across cloud workloads, Kubernetes clusters, APIs, and user activity.
  • Integrate external threat intelligence feeds, aligning TTPs with the MITRE ATT&CK framework.
  • Drive continuous improvement by conducting regular purple team exercises and scenario-based tabletop tests.

Cloud Security Engineering

  • Work hands-on with GCP security controls, including:
      • Security Command Center
      • VPC Service Controls
      • IAM (Identity & Access Management)
      • Cloud Logging and Monitoring
      • Workload Identity Federation
  • Automate security response using Python, Terraform, or XSOAR.
  • Collaborate with infrastructure and DevOps teams to embed security into CI/CD pipelines, containers (GKE), and API services.

Compliance & Risk Alignment

  • Ensure operational alignment with PCI-DSS, ISO 27001, SOC 2, NIST, and GDPR requirements.
  • Support internal and external audits with relevant security evidence and reports.
  • Work closely with GRC teams to implement controls and technical safeguards for ongoing compliance.

Who You Are

A cybersecurity professional who thrives in high-velocity, cloud-native, and heavily regulated environments. You're both a strategist and a practitioner: able to lead people and projects, while staying hands-on with modern tools and incident response workflows. You bring both technical acumen and operational discipline, with a deep understanding of GCP security and experience protecting high-value fintech applications.

Essential Qualifications

  • Experience as SOC lead, cyber operations manager, or similar role.
  • Hands-on experience in securing Google Cloud Platform (GCP) environments across multiple projects/accounts.
  • Strong expertise in:
      • SIEM management (Chronicle, Splunk, Elastic)
      • Incident response and recovery
      • Security orchestration (SOAR), preferably Chronicle + XSOAR
      • IAM, policy enforcement, logging, and access reviews in GCP
  • Proven experience working in FinTech or financial services, ideally under PCI-DSS, ISO 27001, or SOC 2.
  • Strong scripting or automation experience (Python, Terraform, Bash).
  • Knowledge of threat modelling and attack frameworks (MITRE ATT&CK, Kill Chain).
  • Familiarity with Kubernetes (GKE), container security, API hardening.

Nice to Have

  • Certifications such as:
      • Google Professional Cloud Security Engineer
      • CISSP, CISM, GCIH, or GCIA
  • Experience implementing Zero Trust Architecture in a cloud-native environment.
  • Familiarity with OPA/Gatekeeper, Kubernetes Admission Controllers.
  • Background in red teaming or adversary simulation (MITRE Caldera, Atomic Red Team).
  • Experience working with BigQuery, Data Loss Prevention (DLP) tools, and Key Management Systems (KMS).

Why This Role?

  • Work directly with engineering, DevSecOps, and compliance leadership.
  • Lead cybersecurity strategy and execution in a cloud-native, greenfield fintech platform.
  • Influence architecture decisions at scale while keeping a hands-on role.
  • Flexible, remote-first working culture with global talent.
  • A chance to build a security function from the ground up, automate deeply, and scale securely.
Company
Barclay Simpson
Location
Bristol, UK
Hybrid / WFH Options
Employment Type
Full-time
Posted