At the heart of everything we do is our vision to change lives every day, and our mission to grow The National Lottery responsibly and champion its impact. We are Allwyn UK, part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence across Europe which includes: Czech Republic, Austria, Greece, Cyprus & Italy, and the US. While the main contribution of The National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime, largescale transformation journey by creating a National Lottery that delivers more money to good causes. We’ll talk a bit more about us further down the page, but for now – let’s talk about the role and who we’re looking for… If you need any assistance or adjustments to this job description or in the application process, please contact a member of the talent team at careers@allwyn.co.uk and we’ll be happy to help. A bit about the role Lead and supervise Allwyn’s Security Operations Centre (SOC), ensuring the effective use of the tools, technologies, and processes that underpin security monitoring and incident response. The role is accountable for overseeing SOC team performance, including rota management, workload coordination, and the continuous development of analysts’ capabilities. Working in close partnership with the Senior Cyber Defence Manager, the role drives ongoing optimisation of detection logic, response processes, and the operational use of our SIEM, SOAR, EDR and other security platforms. The SOC Manager ensures that incident and threat response activities evolve in line with emerging risks, maintaining strong operational performance. Team Description: The Security team’s mission is to preserve the integrity of the National Lottery, safeguard the sensitive and personal data processed by Allwyn and its partners, and protect the people and premises across Allwyn UK. Operating in a heavily regulated environment, we secure a cloud‑first technology estate that supports one of the most visited digital platforms in the UK, an extensive retail network, and a diverse set of back‑office services. Our security model is built around cloud‑native architectures and modern security capabilities, with deep reliance on specialist third‑party providers who support our monitoring, detection, incident response, and assurance functions The Security Operations team sits within the Information Security group and works day‑to‑day wtih the Senior Cyber Defence Manager. Also working closely with Business Continuity, Compliance & Assurance, and other SOC‑aligned functions within the group. All of these sub‑teams operate under the leadership of the Director of Information Security. What you’ll be doing Lead day‑to‑day Security Operation to ensure effective monitoring, triage, and response across a cloud‑first, highly‑integrated security environment. Lead a team of 10 SOC analysts and oversee performance, including rota management, workload balancing, skills development, and ongoing coaching of analysts. Help the Senior Cyber Defence Manager drive continuous improvement of detection and response capabilities through feedback on the engineering tuning effectiveness, automation, and optimisation of SIEM, SOAR, EDR and other cloud‑native security platforms. Oversee the end‑to‑end lifecycle of SOC playbooks, operating procedures, and escalation paths, ensuring they stay current with evolving threats and technologies. Willingness to work shifts as needed to maintain adequate team coverage and operational staffing levels. Ensure high‑quality post‑incident reviews are completed, lessons‑learned are captured, and improvements are fed back into tooling, processes, and training. Partner with the Senior Cyber Defence Manager and specialist third‑party providers to continually strengthen threat detection, response processes, and overall, SOC maturity. Provide operational evidence, insights, and support to Governance, Risk & Assurance teams while maintaining clear separation of duties. Collaborate closely with the Major Incident Manager and TechOps teams to ensure coordinated response, timely escalation, and effective resolution of security incidents. Demonstrate a strong understanding of business and customer impact to support effective prioritisation, communication and incident response decision-making. Scope & separation of duties : Owns: security monitoring, incident management and response execution, SOC delivery, operational tooling. Contributes to risk insights and control evidence. What experience we’re looking for Battle‑hardened Security Operations leader (SOC Manager), with proven experience running high‑tempo monitoring and incident response in complex environments and the judgement to make calm, decisive calls under pressure Experienced working shoulder‑to‑shoulder with technology incident response teams, staying relentlessly customer‑centric in decisions, comms and recovery. Demonstrated ability / potential to lead, coach and develop people — this may come from formal line management, technical leadership, mentoring, or leading multidisciplinary teams. Experience coordinating operational activity such as incident response, service management, or technology change, with the ability to stay calm, structured and decisive under pressure. Familiarity with modern security tooling (SIEM, SOAR, EDR, cloud‑native monitoring, Azure Sentinel, and Elastic) with the ability and appetite to deepen expertise through on‑the‑job learning and partnership with Cyber Defence. Strong problem‑solving and analytical capability, able to understand complex incidents, identify patterns, and support the continuous improvement of detection and response processes. Clear, confident communication skills, capable of translating technical issues into operational actions and engaging effectively with engineers, analysts, third parties and senior stakeholders. Good organisational awareness, ideally including experience navigating Allwyn’s technology, ways of working, suppliers, or operational processes — or evidence of quickly adapting to similar environments. Ability to manage operational workload, including rota planning, prioritisation, and resource balancing to maintain consistent 24/7 coverage. Comfort working in cloud‑first, fast‑changing environments, with the ability to absorb new technologies, new threats, and new tooling quickly. Desirable (but not essential): Hands‑on experience with cloud security operations (Azure, AWS, GCP). Exposure to detection engineering, incident response, threat intelligence, or vulnerability management. Certifications such as CISSP, GCIH, GCIA, GMON, AZ‑500 — viewed as beneficial, not mandatory. Experience working with or leading third‑party security partners. About us At Allwyn, we are dedicated to changing lives and growing the National Lottery responsibly, championing its positive impact on people, places, and the planet. Innovation - We pride ourselves on it! We’re constantly looking for new ways to excite our customers, bringing new products to market to enjoy which is all supported by our responsible play values and making them accessible to all. Giving back – Did you know that playing the lottery generates around £30m a week for charities and good causes in the UK? Our aim is to have doubled this number by the end of the first 10-year license. Sustainability – Our aim is to become a net zero national lottery. We have 2030 targets to decarbonise our operations and energy. We’ve already transitioned to renewable energy providers, made our London and Watford offices zero gas, and ensured our fleet consists of low-emission vehicles. In addition, we’re working with our value chain partners to develop a net zero target date. Empowering every voice – We believe in creating a culture where everyone feels they belong, can be themselves, has access to opportunities and can thrive for the benefit of good causes. Our diverse teams are working hard to make all parts of The National Lottery inclusive – whether people play a game in a store or online- - because when everyone can play, everyone wins. Our people are more than colleagues - they’re winners, driving positive change and making a real difference in communities. We are a Disability Confident Leader which means we’ve taken proactive steps to ensure our workplace is accessible and inclusive for disabled and neurodivergent colleagues and candidates. As part of this we offer an interview to disabled applicants who meet the essential requirements of the job. An inclusive reward offering with wellbeing at the centre At Allwyn, inclusion is built into how we care for our people. Our benefits and policies support colleagues—and their families—at every stage of life and career. By prioritising wellbeing and belonging, we create a workplace where everyone feels valued, rewarded, and empowered to succeed. BENEFITS Our benefits are built to support you at every stage of life. From wellbeing and financial security to enjoying more of what you love, our benefit offerings help you thrive at work and at home. Company Bonus Scheme Matched pension contributions up to 8.5% 26 days annual leave 2 Life Days (and bank holidays) Single Private Health Cover Complimentary Private Medical Income Protection Flexible Benefits – EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes. Enhanced Family Leave (Maternity, Paternity, Adoption) Wellness Allowance £500 Employee Assistance Programme Discounted Health Assessments Volunteering Day Matched Funding