
Cyber Defence and Security Operations Manager (EMEA & APAC)

Posted 17 hours 19 minutes ago by Allen & Overy LLP

Permanent
Not Specified
I.T. & Communications Jobs
Belfast, United Kingdom
Job Description
We have an exciting new opportunity for a Cyber Defence and Security Operations Manager to join the A&O Shearman Belfast office.

Apply today via the link below or contact for more information.

About the team

The firm's ability to keep our clients' data secure is a bedrock for our reputation as a trustworthy professional services partner to many of the world's large and prestigious organisations. Information security is not an afterthought; it is core to all that we do, to protect not only our data but that of our clients, and has the unwavering support of the Board.

Led by our new CISO, the in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman's strategy to lead where global complexity creates opportunity.

In addition, you will have the opportunity to share and gain intel from the firm's cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feed back practical lessons learned into clients' cyber risk management and incident response programmes.

What you will do

Reporting to the global Head of Cyber Defence, the Cyber Defence and Security Operations Manager is a key role within the firm which is responsible for day-to-day management of the Cyber Defence and Security Operations Centre within their time-zone, EMEA & APAC. They will make sure that the firm can effectively monitor, analyse, and respond to cyber security events and incidents and will oversee a team of senior analysts and analysts, providing guidance and direction to protect the organisation's information assets and infrastructure from cyber threats.

This will include:

Security Monitoring and Incident Response
  • Establish a positive and collaborative working relationship with your Managed Security Service Provider (MSSP) who performs Level 1 monitoring of our global security alerts and events.
  • Orchestrate the analysis of Level 2 alerts and events escalated by the MSSP, correlating data from multiple sources, to quickly assess potential incidents, their scope, and impact.
  • Achieve deep understanding of the available toolsets and how to operate them to best effect in incident prevention, detection and response, providing feedback to the security architecture and engineering team about how they can be optimised.
  • Make decisions on the implementation of containment measures at speed.
  • Document actions taken in response to security events and incidents in line with standard operating procedures.
  • Be responsible for the effective and efficient transition from the prior shift and to the next shift in line with the follow-the-sun operating model.
  • Take the lead in a CSIRT (cyber security incident response team) capacity for managing global response activities for Level 3 security and data breach incidents, coordinating with IT teams and stakeholders including Privacy Officers.
  • Oversee incident investigation activities, ensuring forensic evidence is gathered and documented appropriately.
  • Lead post-incident reviews and implement improvement measures.
  • Pick-up and hand-off incident response activities to regional Cyber Defence teams in APAC, EMEA and US respectively, in line with our 24-7 follow-the-sun global model.
  • Participate in security incident response exercises and training.
Leadership and Team Management
  • Assist the Head of Cyber Defence in managing a team of analysts and senior analysts in EMEA & APAC, providing operational direction, performance management, and training.
  • Provide structured mentorship to local junior Cyber Defence staff, supporting their technical development and career progression.
  • Assist the Cyber Defence and Security Operations Performance Lead in ensuring the team fulfils shift work responsibilities and procedures.
  • Ensure that any incidents are suitably mitigated and addressed, with the full incident lifecycle completed. This may require working additional hours under high pressure, high expectations, and demanding deadlines.
Strategy and Policy Development
  • Manage the development, maintenance and implementation of Cyber Defence and Security Operations strategies, policies, playbooks, and procedures to ensure effective monitoring, analysis, and response to cyber security events and incidents, under the strategic direction of the Head of Cyber Defence.
  • Own and govern the lifecycle of any other documentation relating to Cyber Defence, ensuring accuracy, accessibility, and alignment with compliance standards.
  • Act as a thought leader for the firm on Cyber Defence, maintaining an awareness of emerging cyber threats and defensive innovations, through independent research and threat intelligence insights from the Threat and Vulnerability Management team.
  • Use these insights to inform strategic recommendations made to the Head of Cyber Defence on new approaches to address and mitigate the latest cyber threats.
Optimisation and Collaboration
  • Work closely with the MSSP, cyber defence regional managements, and information security colleagues to optimise security monitoring capabilities through improvements to cyber defence processes, use cases, automation, and team capabilities.
  • Collaborate with IT and security teams to implement controls, resolve Cyber Defence-related tickets, and enhance the organisation's security posture.
Performance Tracking and Reporting
  • Track and coordinate the production of Cyber Defence and Security Operations metrics (SLAs, KPIs, KRIs) in collaboration with the Head of Cyber Defence and the Performance Lead.
Compliance
  • Support client assurance activities by responding to queries about the Cyber Defence and Security Operations team's activities, tooling, policies, and procedures.
What you will have
  • Bachelor's degree in Information Security, Computer Science, Engineering, Technology or a related field, or equivalent experience.
  • Extensive experience in a Security Operations, Incident Response, CSIRT or similar role.
  • Proven experience in a management or supervisory capacity, with responsibility for managing Cyber Defence or Security Operations activities. Demonstrated ability to lead, mentor, and collaborate across teams.
  • Holds recognised industry certifications relevant to Cyber Defence such as:
    • CISSP (Certified Information Systems Security Professional)
    • CEH (Certified Ethical Hacker)
    • CISM (Certified Information Security Manager)
    • CompTIA Security+
  • Strong technical background with deep familiarity in:
    • Cyber defence principles and best practices
    • Security standards and frameworks
    • Security services and systems (e.g. SIEM, IDS/IPS, endpoint protection)
  • Significant experience in leading and orchestrating incident response activities, including:
    • Triage and containment
    • Coordination with stakeholders
    • Post-incident review and documentation
  • Experience with environments handling highly sensitive data, including understanding of the threats and how to respond to these threats.
  • Excellent verbal and written communication skills, translating cyber security terminology into professional and straightforward language suitable for a global law firm.
You will stand out if you bring
  • Experience working with major cloud service provider (CSP) technologies, such as:
    • Microsoft Azure
    • Google Cloud Platform (GCP)
    • Amazon Web Services (AWS)
  • Prior legal firm or professional services firm experience

Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.

We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.

