About Us We are part of International Airlines Group (IAG), one of the world’s leading airline groups and owner of some of the biggest brands in the sky. IAG Transform provides creative and innovative solutions to drive sustainable transformation by delivering procurement and airline services, as well as group-wide systems across IAG. Each operating company benefits from the Transform centralised model, driving efficiencies, automation, and economies of scale. Purpose of the role This is a high-impact greenfield role ideal for a strategic and hands-on cybersecurity professional. As an senior manager within the Group SOC, you will be responsible for defining and implementing the end-to-end operating model for collaboration between the central Security Operations Center (SOC) and supporting functions. You will formulate all core processes, define areas of handover with the core SOC, and establish the technology stack and deliverables necessary to enable scalable and effective security operations encompassing cyber threat intel and cyber incident response functions. A key early responsibility will be contributing to the onboarding and transition of a new Managed Security Services Provider (MSSP). You will work closely with the chosen vendor to define operational procedures, service delivery models, key performance indicators (KPIs), and service level agreements (SLAs). Building a strong, collaborative relationship with the MSSP will be a critical short-term goal. In the longer term, this role will take ownership of developing the business case for building and strengthening internal capabilities — laying the foundation for a future in-house team and transitioning key functions where strategically appropriate. You will also be expected to build trusted relationships with external stakeholders across operating companies to ensure SOC services are aligned with business risk and operational priorities Your responsibilities Automation of SOC Processes Design and implement automation solutions to streamline repetitive tasks such as alert triaging, incident response, and reporting - Platform Support and Tool Integration Oversee and complete transition of SIEM platform support from incumbent to new supplier, along with resolution of any transition blockers Following transition – be responsible for overall BAU platform maintenance of Splunk (SIEM) Creation and maintenance of the SOC KnowledgeBase stores Responsible for diverse platform maintenance used for delivering SOC services (Cloud Accounts etc) Integrate various security tools (SIEM, SOAR, firewalls, etc.) to improve data flow and response coordination. - Optimization of Workflows Enhance and optimize SOC workflows for improved efficiency and reduced manual effort. - Development of Playbooks Create automated response playbooks for common security incidents, enabling faster and more consistent incident handling. - Collaboration with Security Teams Work closely with SOC analysts and engineers to identify areas for automation and provide technical solutions. - Monitoring and Maintenance Ensure the continuous operation and performance of automation tools, resolving issues as they arise. Your skills, experience and qualifications Proficiency in automation tools (e.g., SOAR platforms, Ansible, Phantom). Expertise in scripting languages (e.g., Python, PowerShell, Bash). Strong knowledge of SOC processes (incident response, threat detection). Experience with SIEM platforms (e.g., Splunk). Ability to integrate and automate security tools. Strong problem-solving and analytical skills. Experience in developing automated workflows and playbooks. Knowledge of security frameworks (e.g., MITRE ATT&CK, NIST). Strong collaboration and communication skills. Experience with log management and event correlation automation What we offer The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry. The opportunity to work in a multi-cultural environment with great offices in many locations. We support our people in maintaining work/life balance, as well as providing the many benefits one would expect from a global organisation, including health insurance, pension and performance bonuses. We are an equal opportunities employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law