What you’ll be doing;

The Security Operations Director is responsible for overseeing security operations at both strategic and operational levels. The role ensures the effectiveness of security practices, manages incidents, drives operational maturity improvements, and oversees containment and recovery activities. Operating at SFIA Level 6, the role requires the initiation, definition, and oversight of high-impact security operations activities, including incident response, operational maturity improvement, containment, and recovery efforts. The Director is responsible for aligning security initiatives with business objectives and ensuring the organisation’s resilience against evolving threats.

What to expect:

Using your background in SOC Service Delivery background and experience, you will:

• Pre-Sales Support and Business Development
  • Partner with sales and business development teams to define and articulate the value proposition of the security offerings, including SOC services, incident response, threat intelligence, vulnerability management, and compliance.
  • Represent the security operations function in client engagements, pre-sales discussions, and technical assessments, positioning the organisation's capabilities to meet client needs.
  • Design and present tailored solutions and service models based on customer-specific challenges, industry regulations, and threat landscapes.
  • Collaborate with delivery teams to create accurate statements of work (SOWs) and ensure alignment between client requirements and achievable security operations deliverables.
  • Influence product roadmaps by providing feedback from client conversations, ensuring services meet market demands and technological advancements.
• Service Delivery Assurance
  • Oversee the performance and quality of security services delivered to customers, ensuring compliance with agreed service-level agreements (SLAs) and adherence to key performance indicators (KPIs).
  • Implement governance mechanisms to standardise service delivery processes, ensuring scalability and operational consistency.
  • Drive the adoption of best practices, playbooks, and standardised methodologies to optimise efficiency and ensure repeatable, high-quality engagements across the MSSP space.
  • Act as the primary escalation point for high-profile or complex client engagements, resolving concerns effectively to maintain satisfaction and long-term partnerships.
  • Conduct regular client reviews to assess alignment with evolving business needs, strengthen relationships, and identify opportunities for service enhancements or upselling.
• Budget and Financial Management
  • Develop and manage the overall financial plan for the security operations function, including budgeting, cost control, and profitability analysis.
  • Monitor operational expenses and identify opportunities for cost reduction through improved processes, technology adoption, and automation.
  • Ensure the profitability of MSSP services through meticulous financial forecasting, revenue tracking, and margin analysis.
  • Track the return on investment (ROI) of SOC tools, technologies, and team members, ensuring financial decisions support the organisation’s strategic goals.
  • Collaborate with finance teams to refine MSSP pricing models, maintaining market competitiveness while ensuring profit margins meet or exceed targets.
  • Lead efforts to reduce non-billable activities and maximise the utilisation of SOC personnel for billable client engagements.
• Incident Response and Management
  • Develop and implement incident response frameworks and playbooks in alignment with industry best practices (e.g., NIST CSF, MITRE ATT&CK, ISO 27035) to standardise and optimise response efforts.
  • Oversee the deployment, configuration, and utilisation of security tools such as SIEMs, IDS/IPS, endpoint protection systems, forensics tools, and threat intelligence feeds to enhance detection and response capabilities.
  • Direct teams during high-severity incidents, ensuring coordination between SOC teams, internal business units, and external stakeholders to minimise business disruption.
  • Act as the primary escalation point for operational challenges during incident response processes and ensure timely resolution of complex technical security incidents.
  • Supervise the execution of routine security operations, including monitoring, vulnerability assessments, penetration testing, and remediation, ensuring compliance with organisational and regulatory security policies.
  • Drive post-incident reviews to evaluate response effectiveness, extract insights, and implement lessons learned to improve future incident handling.
  • Leverage insights from incidents and operational metrics to identify weaknesses in existing systems or processes and recommend long-term improvements.
• Security Operations Maturity Improvement
  • Assess the overall maturity of the Security Operations Center (SOC) against industry-accepted models (e.g., SOC-CMM) and implement improvements.
  • Drive automation and modernisation initiatives, such as deploying SOAR tools to improve response times and process efficiency.
  • Define and monitor metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), ensuring continuous operational improvement.
  • Strengthen SOC team capabilities through tailored training programs and coaching, promoting professional development.

Key Performance Indicators (KPIs)

• Reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
• Success rate of incident containment efforts within predefined response windows.
• Time to full system recovery after incidents, aligned with BC/DR objectives.
• SOC maturity improvements against established benchmarks (e.g., SOC-CMM).
• Satisfaction levels of stakeholders during significant incidents and operational reviews.
• Operation of the Security Operations in line with financial revenue, growth and profitability targets