AMS PSR

On behalf of the Met Office, we are looking for a Cyber Security Operations Manager (Inside IR35) for a 6 month contract based Hybrid in Exeter.

Job Summary & Purpose

The Cyber Security Operations Manager is a leadership role responsible for overseeing the Security Operations Centre (SOC) within the Cyber Security team.

The Cyber Security Operations Manager, will design, implement and continuously improve the department’s Security Operations strategy, ensuring rapid detection, response and recovery from cyber threats and incidents. The role will lead a team of security professionals and embed security practices in line with best practice standards.

The role has management responsibility for 8+ team members.

SC Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks. Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.

As a Cyber Security Operations Manager your main responsibilities will be:

• Team Leadership and Development: Lead, manage and mentor a team of cyber security analysts to ensure the team operate effectively. Develop the team utilising the career framework to identify learning needs and career pathways.
• Incident Management: Lead incident detection, triage, escalation and resolution processes; assessing impacts and directing appropriate measures to contain and mitigate threats, conduct post‑incident reviews and drive continual service improvement including exercising to test procedures.
• Security Monitoring: Be the escalation point for alerts. Provide direction for improvements to monitoring systems for our environment covering specific technologies or threats. Direct the development and tuning of new and existing rules.
• Threat Intelligence: Stay up to date on the latest cyber threats and attack techniques, incorporating threat intelligence into security practices, cascading to relevant stakeholders.
• Reporting and Metrics: Define cyber security metrics and targets. Prepare and present regular reports on security incidents, and trends to management, translating technical metrics into business focused risk insights.
• Vendor & Stakeholder Management: Oversee service providers, managing Service Level Agreements (SLAs) and Key Performance Indicators (KPIs), serve as the principal interface with cross‑government departmental SOCs.
• Budget Management: Support the management of the department budget to ensure optimal allocation of resources to meet security objectives.

Essential:

• Team Leadership Experience: Demonstrated ability to lead and manage a team, this includes decision-making, effective communication and service management skills.
• Incident Management: In-depth knowledge of incident management processes, including the ability to assess the impact of critical security incidents and lead the response efforts, ensuring procedures are available and maintained.
• Security Monitoring: Proven experience delivering an effective security monitoring capability, with continuous improvements that reflect changes from risks and threats in a timely manner, including proactive threat hunting and intrusion detection.
• Threat Intelligence: Proven experience delivering threat intelligence and assessment in the context of the organisation to stakeholders by gathering and analysing information to identify and mitigate cyber threats from both open-source (OSINT) and commercial threat intelligence.
• Cyber Security Operations: Proven experience operating cyber security solutions and tools (e.g. Security Information and Event Management (SIEM), maintaining security records and documentation in accordance with security operating procedures.
• Vendor & Stakeholder Management: Demonstrated experience in managing relationships with external vendors, managed security service providers (MSSPs), and technology partners, ensuring contractual obligations, service level agreements (SLAs), and performance metrics are consistently met or exceeded.

Desirable:

• CISSP, CISM or equivalent professional cybersecurity certification
• Experience with Cloud Security (AWS, Azure)
• ITIL Foundation (or equivalent) service management qualification

Please be aware that this role can only be worked within the UK and not Overseas.

Disability Confident 

As a member of the Disability Confident Scheme, the Met Office guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

Armed Forces Commitment

The Met Office guarantees to interview veterans or spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates / military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".