Information Security Manager: Security Operations
Posted 11 hours 52 minutes ago by NATIONAL AUDIT OFFICE
Why are we recruiting?
In a world where cyber challenges and opportunities are constantly evolving, we are committed to staying ahead of the curve. With new investment aimed at enhancing the NAO's security maturity, our Information Security team is expanding. This is your chance to join a dynamic organisation with clear strategic objectives and help advance our data use and embrace new technologies securely.
We're not just growing; we're evolving. As part of a forward-thinking organisation with a strong mandate to harness data and embrace cutting-edge technologies, our InfoSec team is central to enabling and securing the NAO's digital future.
We're on the lookout for passionate, curious, and collaborative security professionals across a wide range of specialisms. Whether your expertise lies in governance, engineering, threat detection, or cloud security, you'll find real scope to make an impact, both within InfoSec and across the wider organisation.
- Be part of a diverse and expanding team that thrives on challenge and innovation.
- Work in a complex, data-rich environment where your insights will shape national-level outcomes.
- Help embed security into every layer of our digital transformation, from strategy to code.
This is more than a job. It's a chance to help define the future of security at the NAO and be part of a high-performing and fun team.
Context and main purpose of the job:
Why are we recruiting for this role?
Integral to the NAO's Information Security strategy is an enhanced Security Operations function dedicated to delivering and developing its essential protect, detect, and respond capabilities.
The SecOps Manager will run the function, developing our critical security operations systems, tools, and processes to maintain and improve the NAO's security posture and risk profile in support of our ambition of being an exemplar organisation.
Who are the team?
The role sits within an inclusive, diverse, respectful, and agile team of information security professionals responsible for enabling the business to better understand, identify and manage the threats and risks that could impact the NAO's ability to deliver on its vision and strategy.
What are the main responsibilities of this role?
The SecOps Manager will lead on the response to security alerts, incidents and events logged by colleagues, monitoring tools and security partners, progressing actions. The successful candidate will have an excellent knowledge of how a security operations centre functions and an understanding of how to develop and enhance these capabilities.
They will be able to communicate effectively with all levels of users, demonstrate competence, instil confidence, and deliver a high level of internal customer service. They will mentor and coach team members, helping them to develop their skills and advance their careers. They will also educate and advise colleagues on information security best practice.
They will be required to use their experience, initiative, research, and problem-solving skills to resolve issues and create written documentation.
The role requires a thorough understanding of Microsoft's Azure and Defender tools at an expert level, as well as the ability to adapt to new technologies, learn new procedures, determine the source of problems, and advise on both tactical and strategic solutions.
Responsibilities
The Security Operations Manager will be responsible for the following.
Leadership
- Management of Information Security's SecOps functions in their delivery of robust best practice controls within an exemplar organisation.
- Ability to explain complex matters to a non-technical audience in a clear, concise and engaging way.
- Collaborate with and build relationships with key stakeholder groups, such as Information Security and Digital Services to establish a strong understanding of the organisation and its needs.
- Ability to see the bigger picture and bring new ideas and challenge the status quo.
- Leadership by example, demonstrating a positive can-do attitude that supports the team both professionally and culturally.
SecOps Management
- The delivery and day-to-day leadership of key technical security controls, and tools, across the organisation to ensure that security posture is effectively managed in line with enterprise risk appetite.
- Maintaining vigilant security monitoring of the technology estate and the execution of agreed protocols and processes in a consistent and timely manner when security issues arise.
- Ensure material investigations are conducted into information security events, alerts, and incidents.
- Provide subject matter expertise in response to security incidents.
- Support the development and optimisation of Microsoft Sentinel, Purview and Defender within the SecOps function.
- Support the SIEM, SOAR, and Zero Trust programmes.
- Support the SIEM's development ensuring broader insight across the technology estate.
- Drive the development of outcome-based metrics. Report on SecOps status through periodic reporting, updates, and meetings.
- Responsible for penetration testing, and ensure tests are carried out in line with the organisation's risk appetite, project requirements and to meet regulatory and external certification priorities.
- Oversee the 24/7 rota respond capability.
Risk Management
- Proactively identify, evaluate, and assess threats and risks that may impact the NAO's ability to deliver on its vision and strategy.
- Contribute to the maintenance of the Information Security Risk Register.
- Support the delivery of appropriate and proportionate risk treatments in line with the NAO's risk appetite.
ISMS
- Support the Information Security team to assure compliance with Information Security Policies, Standards and Controls.
- Support the ongoing retention of the NAO's information security certifications.
- Produce clear, concise reporting on the security of technology systems.
- Promote and advocate InfoSec as an SME throughout the NAO.
Horizon Scanning
- Horizon/capability forecasting and budget management experience.
- Leverage threat intelligence feeds to maintain awareness of global security threats and vulnerabilities, and collaborate with Digital Services teams to mitigate risk and maintain/improve the organisational security posture.
- Maintain awareness of technology landscape and provide guidance on opportunities to improve in the context of the business.
Continuous Improvement
- Continuously monitor the effectiveness of security measures and make necessary adjustments. This includes reviewing security incidents and implementing lessons learned to improve future responses.
- Maintain currency in security industry best practice to drive continuous improvement within the organisation.
- Deliver continuous development of the security policies, processes, standards, runbooks, and tools.
- Identify opportunities and initiatives to continuously improve the NAO's security and in particular the SecOps function in the context of the NAO's strategy and risk appetite.
Key skills/competencies required:
- Demonstrated experience leading a team focused on Cyber Security or Security Operations.
- Practical experience developing and enhancing Microsoft security services such as Azure, Sentinel, and/or Defender.
- Experience in proactive cyber risk management.
- Applied knowledge in two or more of the following security domains, with the ability to learn others:
  - Identity & Access Management
  - Network Security
  - Messaging Security
  - Endpoint Security
  - Application Security
  - Vulnerability Management
  - Digital Forensics
- Hands-on experience with two or more of the following toolsets:
  - Security Incident & Event Management (SIEM) platforms, such as Azure Sentinel
  - Vulnerability Management Tools
  - Data Loss Prevention (DLP), such as Purview
  - Microsoft Defender
- Currently pursuing or holding a relevant professional certification (e.g., CISSP, CISM, CISA, CEH, SANS GIAC).
- Demonstrated motivation for learning new skills.
- Analytical skills to identify threats, risks, vulnerabilities, and conduct root cause analysis.
- Ability to investigate and resolve complex problems.
- Effective written and verbal communication skills.
- Stakeholder engagement ability.
- SC Security Clearance, or able to quickly achieve SC clearance.