Security Operations Director

Advanced Resource Managers Ltd

England

Hybrid

GBP 100,000 - 125,000

Full time

Yesterday

Job summary

A leading recruitment consultancy in the UK seeks an experienced Security Operations Director to manage security operations at strategic and operational levels. The role involves overseeing incident response, driving operational improvements, and aligning security initiatives with business goals. Candidates should have extensive experience in SOC leadership and incident management. This position offers a full-time contract with a pay of £750-800 per day, with a hybrid work model in Birmingham.

Qualifications

  • 10+ years in Security Operations support and 5+ years in leadership roles.
  • Proven success in incident response and operational maturity management.
  • Experience in leading diverse teams and crisis management.

Responsibilities

  • Oversee security operations and manage incidents effectively.
  • Drive operational maturity improvements within the security team.
  • Ensure alignment of security initiatives with business objectives.

Skills

Security operations knowledge
Incident Response management
Leadership in SOC
Budget and financial management
Communication skills

Education

Professional Security/Risk/Compliance certification (CISSP, CISM, etc.)

Job description

Security Operations Director (SC Clearable)

Full time

Contract Inside IR35

6 months initially

£750-800 per day pay Inside IR35 via umbrella

Location: Birmingham hybrid (2-3 days per week in office)

Are you an experienced Security Operations Director with strong knowledge of SOC + Security operations, Incident Response implementation, SOC Process Development, Security Ops Budget + Financial Management and Security Ops Maturity Improvement amongst others?

ARM is recruiting for an experienced Security Operations Director on a full-time contract to work for our global technology client.

Our client:

They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

Their Public Safety & Defence Sector division is growing rapidly, and they are looking for experienced lead pre-sales solution architects to join the team. We are looking for highly motivated individuals who are capable of working at pace: rapidly getting up to speed with new requirements and shaping compelling, innovative and differentiated solutions for our customers.

We are currently recruiting for a dynamic Security Operations Director to join our growing Security Operations Centre business.

This is a great opportunity for you to play a pivotal role in helping to shape our client's transformation journeys.

Role Purpose

The Security Operations Director is responsible for overseeing security operations at both strategic and operational levels. The role ensures the effectiveness of security practices, manages incidents, drives operational maturity improvements, and oversees containment and recovery activities. Operating at SFIA Level 6, the role requires the initiation, definition, and oversight of high-impact security operations activities, including incident response, operational maturity improvement, containment, and recovery efforts. The Director is responsible for aligning security initiatives with business objectives and ensuring the organisation's resilience against evolving threats.

What to expect:

Using your SOC Service Delivery background and experience, you will:

  • Pre-Sales Support and Business Development

o Partner with sales and business development teams to define and articulate the value proposition of the security offerings, including SOC services, incident response, threat intelligence, vulnerability management, and compliance.

o Represent the security operations function in client engagements, pre-sales discussions, and technical assessments, positioning the organisation's capabilities to meet client needs.

o Design and present tailored solutions and service models based on customer-specific challenges, industry regulations, and threat landscapes.

o Collaborate with delivery teams to create accurate statements of work (SOWs) and ensure alignment between client requirements and achievable security operations deliverables.

o Influence product roadmaps by providing feedback from client conversations, ensuring services meet market demands and technological advancements.

  • Service Delivery Assurance

o Oversee the performance and quality of security services delivered to customers, ensuring compliance with agreed service-level agreements (SLAs) and adherence to key performance indicators (KPIs).

o Implement governance mechanisms to standardise service delivery processes, ensuring scalability and operational consistency.

o Drive the adoption of best practices, playbooks, and standardised methodologies to optimise efficiency and ensure repeatable, high-quality engagements across the MSSP space.

o Act as the primary escalation point for high-profile or complex client engagements, resolving concerns effectively to maintain satisfaction and long-term partnerships.

o Conduct regular client reviews to assess alignment with evolving business needs, strengthen relationships, and identify opportunities for service enhancements or upselling.

  • Budget and Financial Management

o Develop and manage the overall financial plan for the security operations function, including budgeting, cost control, and profitability analysis.

o Monitor operational expenses and identify opportunities for cost reduction through improved processes, technology adoption, and automation.

o Ensure the profitability of MSSP services through meticulous financial forecasting, revenue tracking, and margin analysis.

o Track the return on investment (ROI) of SOC tools, technologies, and team members, ensuring financial decisions support the organisation's strategic goals.

o Collaborate with finance teams to refine MSSP pricing models, maintaining market competitiveness while ensuring profit margins meet or exceed targets.

o Lead efforts to reduce non-billable activities and maximise the utilisation of SOC personnel for billable client engagements.

  • Incident Response and Management

o Develop and implement incident response frameworks and playbooks in alignment with industry best practices (e.g., NIST CSF, MITRE ATT&CK, ISO 27035) to standardise and optimise response efforts.

o Oversee the deployment, configuration, and utilisation of security tools such as SIEMs, IDS/IPS, endpoint protection systems, forensics tools, and threat intelligence feeds to enhance detection and response capabilities.

o Direct teams during high-severity incidents, ensuring coordination between SOC teams, internal business units, and external stakeholders to minimise business disruption.

o Act as the primary escalation point for operational challenges during incident response processes and ensure timely resolution of complex technical security incidents.

o Supervise the execution of routine security operations, including monitoring, vulnerability assessments, penetration testing, and remediation, ensuring compliance with organisational and regulatory security policies.

o Drive post-incident reviews to evaluate response effectiveness, extract insights, and implement lessons learned to improve future incident handling.

o Leverage insights from incidents and operational metrics to identify weaknesses in existing systems or processes and recommend long-term improvements.

  • Security Operations Maturity Improvement

o Assess the overall maturity of the Security Operations Center (SOC) against industry-accepted models (e.g., SOC-CMM) and implement improvements.

o Drive automation and modernisation initiatives, such as deploying SOAR tools to improve response times and process efficiency.

o Define and monitor metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), ensuring continuous operational improvement.

o Strengthen SOC team capabilities through tailored training programs and coaching, promoting professional development.

Key Performance Indicators (KPIs)

  • Reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
  • Success rate of incident containment efforts within predefined response windows.
  • Time to full system recovery after incidents, aligned with BC/DR objectives.
  • SOC maturity improvements against established benchmarks (e.g., SOC-CMM).
  • Satisfaction levels of stakeholders during significant incidents and operational reviews.
  • Operation of the Security Operations in line with financial revenue, growth and profitability targets.

What's important?

It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security service delivery management and have evidence of experience in a number of the following fields of expertise:

  • At least 10 years of experience in providing technical support and advice for a Security Operations Centre and 5 years in a leadership role managing SOCs and Security Operations.
  • Proven success in managing large-scale incident response, enhancing operational maturity, and aligning security strategies with organisational goals.
  • Excellent communication and client relationship skills to interface with clients, stakeholders, and senior leadership.
  • Significant experience and ability to manage and lead in crisis situations, ensuring a swift and effective response.
  • Demonstrable experience in leading and coordinating diverse teams effectively.
  • Excellent English writing skills for technical documents and improving processes (such as policies and reports).
  • Outstanding English verbal communication skills with the ability to explain things in a clear and non-technical way.
  • Strong attention to detail and the ability to deliver high quality work and build high performing teams.
  • A relevant and recognised professional Security / Risk / Compliance certification supporting the role, such as CISSP, CISM, CCISO, GCIH, CRISC, etc.
  • A valid right to work in the UK.
  • Have held UK SC clearance or be eligible for obtaining UK SC clearance.

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change.
