Cyber Incident Response Team Manager

We are a part of International Airlines Group, one of the world’s leading airline groups flying to over 270 destinations and carrying more than 100 million passengers each year.

We provide a plug and play platform of scalable, best in class procurement, finance and IT business services to Aer Lingus, British Airways, IAG, IAG Cargo, IAG Loyalty, Iberia, Iberia Express, LEVEL and Vueling.

We combine functional expertise with a strong focus on customer service to make our Group stronger, more efficient, more competitive. 

This is a high-impact greenfield role ideal for a strategic and hands-on cybersecurity professional. As an individual contributor, you will be responsible for defining and implementing the end-to-end operating model for collaboration between the central Security Operations Center (SOC) and supporting functions. You will formulate all core processes, define areas of handover with the core SOC, and establish the technology stack and deliverables necessary to enable scalable and effective security operations.

A key early responsibility will be contributing to the selection and onboarding of a new Managed Security Services Provider (MSSP). You will work closely with the chosen vendor to define operational procedures, service delivery models, key performance indicators (KPIs), and service level agreements (SLAs). Building a strong, collaborative relationship with the MSSP will be a critical short-term goal.

In the longer term, this role will take ownership of developing the business case for building and strengthening internal capabilities — laying the foundation for a future in-house team and transitioning key functions where strategically appropriate. You will also be expected to build trusted relationships with external stakeholders across operating companies to ensure SOC services are aligned with business risk and operational priorities

Qualifications

Educated to degree level or equivalent experience

Desired qualification

• Recognized Security qualifications desirable e.g. CISM, CISSP (preferred)
• Experience in leading complex of Security focused teams or Level 3 Senior Security Analyst / Senior Incident responder / forensic investigator
• Project Management experience and certification (preferred)
• Ability to lead and manage a large team of security analysts and specialists.
• Expertise in incident detection, analysis, and response methodologies.
• Proficiency in coordinating and leading incident response efforts during security breaches and incidents.
• Deep understanding of cybersecurity principles, technologies, and best practices.
• Knowledge of security tools and technologies used in a SOC environment, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection and Prevention Systems), and EDR (Endpoint Detection and Response) solutions.
• Ability to assess and prioritize security risks based on their potential impact and likelihood.
• Knowledge of relevant regulatory requirements and industry standards (e.g., GDPR, PCI DSS).
• Experience in ensuring SOC operations comply with legal, regulatory, and contractual obligations
• Strong verbal and written communication skills to articulate complex technical concepts to diverse audiences.
• Ability to communicate effectively with senior management, stakeholders, and external partners.
• Adaptability to rapidly changing threat landscapes and evolving technologies.
• Capacity to adjust SOC strategies and operations in response to emerging threats and organizational needs.

Experience

• Extensive experience in Security Operations
• Prior experience in a CIRT Team
• Leadership in Security Incident Response (SIR)
• Expertise in SIEM/SOAR tools
• Broad knowledge of security concepts (threat intel, vulnerability management, network security)
• Experience in threat analysis & security alert detection
• Familiarity with security frameworks (MITRE ATT&CK, NIST CSF)
• Security team leadership or strong leadership potential
• Experience in performance management
• Excellent communication & collaboration skills
• Security scripting and automation skills (Python, Bash) (Optional)
• Knowledge of cloud security concepts and best practices (Optional)
• Understanding of security compliance regulations (PCI DSS, ) (Optional)