Job Specifications
Job ID:43350
Location:Birmingham : 1 Trinity Park : Bi
Position Category:Information Technology
Position Type:Employee Regular
Security Operations Manager
Role Overview
The Security Operations Manager is responsible for building, operating, and continually advancing LRQA’s corporate cyber defence capability in an environment where attackers move fast and automation matters. You will lead a high‑performing internal Security Operations team while overseeing a 24×7 outsourced SOC and Incident Response provider.
This is a hands-on operational management role where you will combine threat‑informed detection engineering, incident response coordination, vulnerability management, and AI‑assisted defence. Working closely with IT and senior leadership, your will lead LRQA’s Cyber Security Analysts, y drive the adoption of AI tooling to elevate detection quality, investigation speed, and response outcomes.
Key Responsibilities
Detection & Response Operations
Design, mature, and scale LRQA’s detection and response capabilities across endpoints, identity, cloud, and network environments.
Own and continuously improve alert logic, response playbooks, escalation workflows, and post‑incident review processes.
Ensure threats are detected, triaged, contained, and remediated quickly and consistently.
Lead incident response during major security events—coordinating internal teams and managing third‑party IR resources where required.
Team Leadership
Manage and mentor a team of internal Cyber Security Analysts.
Provide technical direction, operational structure, coaching, and performance development.
Build analyst capability, with a focus on modern detection engineering and AI‑assisted investigation techniques.
Third‑Party SOC & Incident Response Management
Oversee a 24×7 third‑party SOC and IR provider as LRQA’s operational extension.
Define and enforce SLAs, KPIs, and escalation procedures.
Conduct regular service reviews to ensure high-quality detections, effective response actions, and continual improvement.
Be the primary point of accountability for all outsourced SOC and IR outcomes.
AI‑Assisted Defence
Drive adoption of AI‑enabled security tooling across detection, investigation, and response workflows.
Integrate AI outputs into detection engineering and decision-making, to enhance the team's capability.
Establish guardrails to ensure AI recommendations remain explainable, accurate, and aligned to LRQA’s security standards.
Vulnerability Management
Own and drive LRQA’s vulnerability management programme, ensuring timely identification, prioritisation, and remediation of weaknesses across endpoints, cloud services, identity systems, and networks.
Collaborate with IT, engineering, and cloud teams to ensure remediation activities are tracked, risk‑aligned, and completed within agreed SLAs.
Use innovative methods to enhance vulnerability prioritisation, exploit‑likelihood assessment, and risk scoring.
Integrate vulnerability intelligence into detection engineering and threat‑modelling activities to strengthen LRQA’s overall defensive posture.
Provide clear reporting on vulnerability trends, remediation progress, and systemic risk to senior security leadership.
Metrics & Reporting
Define, track, and maintain operational metrics such as MTTD, MTTR, alert fidelity, and incident trends.
Provide clear, actionable reporting to senior security leadership.
Use data-driven insights to prioritise improvements, influence tooling investment, and strengthen operational resilience.
Cross‑Functional Collaboration
Partner with IT, Cloud, Engineering, and Risk teams to remediate vulnerabilities and reduce systemic security risk.
Support compliance, audit, and regulatory enquiries relating to security operations.
Required Qualifications
Experience leading Security Operations, SOC, or incident response teams.
Strong understanding of detection engineering, incident response lifecycle, and modern security monitoring technologies.
Proven track record managing third‑party SOC and IR service providers.
Familiarity with AI-assisted security tools.
Strong leadership, communication, and vendor management skills.
Preferred Qualifications
Experience operating in hybrid or cloud‑first environments.
Hands-on experience with SIEM, EDR/XDR, and SOAR platforms.
Experience mapping detection logic to frameworks such as MITRE ATT&CK.
What Success Looks Like
An AI first mindset for improving detection and response.
High‑fidelity detections with dramatically reduced alert noise.
Fast, predictable, and high‑quality incident triage and response.
A motivated internal team supported by a third‑party SOC that delivers outcomes.
Reduction in exposures through vulnerability trend analysis and remediation prioritization
Pre-Employment Checks
If you are successful in securing a role with us, we will carry out pre-employment checks in accordance with what is allowed under local law.
These checks will include, (as permitted):- right to work, ide
About the Company
By bringing together unrivalled expertise in certification, brand assurance, food safety, cybersecurity, inspection and training, we’ve become a leading global assurance provider.
We’re proud of our heritage, but it’s who we are today that really matters, because that’s what shapes how we partner with our clients tomorrow. By combining strong values, decades of experience in risk management and mitigation and a keen focus on the future, we’re here to support our clients as they build safer, more secure, more sustainable busi...
Know more