Job Description:

Job Title - Security Operations - Operations Manager

About US:

With over 200 brands sold in nearly 180 countries, we're the world's leading premium drinks company.

Bring your passion and use your curiosity as you explore, collaborate, and innovate to build brands consumers love.

Together with passionate people from all over the world, you'll test new ideas, learn and grow, and unlock a brighter, more exciting future.

About the Function:

Our Digital and Technology (D&T) team are innovators, delivering ground-breaking solutions that will help shape the future of our iconic brands.

Technology touches every part of our business, from the sourcing of sustainable ingredients to marketing and development of our online platforms.

We utilise data insights to build competitive advantage, supporting our people to deliver value faster.

Our D&T team includes some of the most talented digital professionals in the industry.

Every day, we come together to push boundaries and innovate, shaping the digital solutions of tomorrow.

Whatever your passion, we'll help you become the best you can be, creating career-defining work and delivering breakthrough thinking.

About the Role:

The SOC Manager is responsible for leading and managing Security Operations Center (SOC) functions, ensuring effective 247 monitoring, detection, incident response, and threat hunting across enterprise IT, cloud, OT, and digital environments.

This role focuses on operational excellence, team leadership, incident readiness, and continuous improvement, while aligning SOC activities with enterprise cybersecurity strategy and business objectives.

Key Responsibilities:

SOC Leadership & Operations:

- Lead day-to-day SOC operations, ensuring continuous monitoring, detection, and response to security events and incidents.

- Manage L2/L3 SOC analysts, incident responders, and threat hunters, fostering a high-performance culture.

- Ensure adherence to incident response SLAs, escalation paths, and communication protocols.

- Act as the incident commander for major cyber incidents, coordinating technical response and stakeholder communication.

Incident Response & Threat Management:

- Oversee incident triage, investigation, containment, eradication, and recovery activities.

- Conduct root-cause analysis and ensure corrective and preventive actions are implemented.

- Lead threat hunting activities using frameworks such as MITRE ATT&CK to identify advanced and stealthy threats.

- Coordinate post-incident reviews and lessons-learned sessions.

Technology & Platform Management:

- Own and optimize SOC technologies including SIEM, SOAR, EDR/XDR, NDR, and threat intelligence platforms.

- Drive use-case development, tuning, and automation to reduce false positives and improve detection fidelity.

- Partner with engineering and IT teams to onboard new log sources and improve telemetry quality.

- Ensure SOC tooling aligns with enterprise architecture and cybersecurity strategy.

Process, Metrics & Continuous Improvement:

- Define, track, and report SOC KPIs and metrics (MTTD, MTTR, alert quality, incident trends).

- Drive continuous improvement initiatives using data, automation, and process optimization.

- Maintain and improve SOC playbooks, runbooks, and standard operating procedures.

- Support tabletop exercises, red-team/blue-team simulations, and readiness testing.

Collaboration & Stakeholder Management:

- Collaborate with GRC, IAM, Security Architecture, Cloud, OT, and Product Security teams.

- Act as a key liaison between SOC and IT, engineering, and business stakeholders.

- Support audits, regulatory inquiries, and risk assessments by providing operational evidence.

- Engage with vendors, MSSPs, and service providers, ensuring contractual SLAs are met.

People Development & Culture:

- Recruit, onboard, and mentor SOC talent.

- Build career paths, training plans, and succession strategies for SOC staff.

- Foster a culture of learning, innovation, accountability, and resilience.

- Promote security awareness and collaboration across the organization.

Required Qualifications:

- Bachelor's degree in Computer Science, Information Security, Engineering, or related field.

- 8-12+ years of cybersecurity experience with 5+ years in SOC / incident response leadership.

- Strong hands-on experience with SIEM/SOAR platforms and security monitoring tools.

- Proven experience leading major cyber incidents in enterprise environments.

- Strong understanding of threat frameworks (MITRE ATT&CK) and attack methodologies.

- Experience working with globally distributed teams and 247 operations.

Preferred Qualifications:

- Certifications such as CISSP, CISM, GCIA, GCIH, CRISC.

- Experience with cloud security monitoring (AWS/Azure/GCP).

- Experience managing MSSPs or outsourced SOC models.

- Strong executive communication and reporting skills