Security Operations Manager (SecOps)

Huntswood’s success relies on its computing facilities being available, performant and secure.

The purpose of the role of the SecOps Manager is to act as a senior point of architecture, design, escalation, quality assurance for the overall security and ‘back of house’ technologies and corporate systems. The role holder will be required to co-ordinate the SecOps team in providing Security and Compliance related service to the business.

The core domain of this role is the integration of technology and systems covering the below (not an exhaustive list) in order to deliver an efficient and secure service with a focus on real world implementation and usage.

Job description

Security Operations Leadership

• Act as the escalation point for security issues across Technology, other departments, and external customers.
• Oversee and allocate work to the SecOps team, ensuring full engagement, mentoring, and alignment with business priorities.
• Conduct regular one-to-one meetings with team members to discuss well-being, personal goals, training needs, and ticket progress, while ensuring policies and procedures are updated.
• Lead sprint planning, reviewing the SecOps ticket backlog and prioritising tasks within the team’s two-week sprint cycles.
• Manage employee onboarding, ensuring new team members receive appropriate training and support.
• Lead the interview process for new SecOps hires, ensuring candidates align with team and business needs.
• Own and maintain the security incident process, ensuring timely and effective response.
• Perform daily operational checks to ensure critical security tasks are completed, including:
• Confirming patching tickets are processed.
• Reviewing vulnerability dashboards and security ticket queues.
• Monitoring alerts and ensuring on-call team members are responding appropriately.
• Ensuring daily task dashboards are completed and addressing any backlog.
• Facilitate weekly SecOps team meetings to align on key issues, share insights, and drive continuous improvement.
• Provide guidance and escalation support for complex or unfamiliar security issues.
• Identify opportunities to improve the overall performance of the SecOps team through training, technical enhancements, and process optimisation.

Security Engineering & Operations

• Engineer, implement, and monitor security measures to protect computer systems, networks, and information.
• Identify and define system security requirements and develop detailed security and infrastructure designs.
• Configure and troubleshoot security infrastructure devices to ensure optimal performance and protection.
• Develop and implement security technical solutions, analyse new tools to mitigate vulnerabilities, and automate repeatable tasks.
• Prepare and document standard operating procedures and protocols.

Collaboration with Third Parties

• Maintain regular engagement with security system suppliers to optimise solutions and address any issues, with scheduled meetings at appropriate intervals.
• Review third-party due diligence questionnaires during onboarding and renewal processes, assessing security compliance from a technology perspective.
• Complete customer due diligence questionnaires and security assessments, providing insights into the organisation's security posture.
• Review security-related contractual schedules to ensure compliance with client requirements before legal review.
• Participate in customer security meetings, providing updates on security measures and ensuring required controls remain in place.

Service & Continuous Improvement

• Ensure technology systems and support are optimised for remote employees, addressing design and remediation needs.
• Work closely with other Technology teams to ensure end-to-end satisfaction with technology services.
• Ensure tickets are responded to quickly, professionally, and in line with agreed service level agreements (SLAs).
• Design and implement new solutions while improving resilience in the current environment.
• Ensure security measures align with business objectives, minimising risks to confidentiality, integrity, and availability.
• Represent the business in external audits, providing feedback and addressing any security shortcomings.
• Drive continuous improvement through the identification and implementation of technical and process enhancements.

Essential skills

• Experience implementing Firewall rules (e.g. AWS Firewall)
• Experience implementing CASB and Zero Trust Networking tools (e.g.NetSkope, Zscaler, Cloudflare)
• Track record of providing security services in large organisations.
• Experience in building & maintaining security systems and infrastructure.
• Detailed technical knowledge of operating system security.
• Experience with network technologies and with system, security, and network monitoring tools.
• Experience with Mail Security, Web Filtering and DLP technologies
• Thorough understanding of the latest security principals, techniques and protocols.
• Familiarity with web related technologies (Web Applications, Web Services, Service Oriented Architectures) and of network/web protocols.
• Expert understanding of firewall/IPS/IDS principles and practices.
• Analyse and advise on new security technologies and program conformance.
• Good understanding of Identity Management / device access controls including multi-factor authentication.
• Understanding of a Microsoft Windows Active Directory environment.
• Good understanding of the Microsoft Windows and Office security and patching practices (e.g. Ivanti/Shavlik/Qualys).
• Understanding of Linux (Ubuntu preferred) security and patching practices
• Scripting experience (PowerShell and Python preferred, utilising SOAP and REST API technologies)
• Be able to demonstrate excellent problem management skills.
• Excellent business communication skills, with the skills to communicate at all levels.
• Excellent time management and prioritisation skills#
• Experience completing external security audits
• An out-of-the-box thinker with a passion for IT and how information technology and new technology can be used to improve Huntswood.
• Experience of large and small technology change projects within a fast paced and demanding corporate culture.
• Capable of taking a holistic approach to IT security, data protection and new initiatives such as GDPR balancing the need for the business system owners to manage their risks rather than emasculating functionality.

Desirable skills

• Be able to demonstrate an expert understanding of the major Microsoft packages namely Microsoft Windows and Office, including licencing and cloud services.
• Any of the following IT qualifications; CompTIA A+, Microsoft Certified IT Professional (MCITP).
• Experience of working with ISO27001:2013 onwards.
• Experience of working with PCIDSS
• Experience of working with Cyber Essential Plus
• Experience in Financial Services or working in a regulated and secure environment.
• Good project management skills, utilising tools such as Jira