Position Overview
Rapidly growing FinTech company seeking an accomplished Cybersecurity Operations Manager to take full ownership of its cloud-first security operations function. This is a high-impact, hands-on leadership role with end-to-end responsibility for managing the Security Operations Centre (SOC), incident detection and response, threat intelligence, and cloud-native security engineering-with a strong focus on Google Cloud Platform (GCP).
Operating in a highly regulated, Real Time financial services environment, this role requires deep technical knowledge, operational maturity, and experience applying security best practices across a fast-moving cloud infrastructure.
What You'll Do
SOC Leadership & Threat Detection
* Lead and mentor a team of SOC analysts and engineers, ensuring high-quality coverage across all GCP workloads.
* Establish and maintain 24/7 detection and response capabilities, fine-tuning alerting rules and monitoring strategies.
* Deploy and maintain detection rules using Chronicle SIEM, YARA, Sigma, and GCP-native logging tools.
* Define and maintain runbooks, incident playbooks, and escalation procedures.
Incident Response & Threat Intelligence
* Own the full life cycle of security incidents from detection to remediation and post-incident review.
* Perform advanced threat hunting and root cause analysis across cloud workloads, Kubernetes clusters, APIs, and user activity. Integrate external threat intelligence feeds, aligning TTPs with the MITRE ATT&CK framework.
* Drive continuous improvement by conducting regular purple team exercises and scenario-based tabletop tests.
Cloud Security Engineering
* Work hands-on with GCP security controls, including:
* Security Command Center
* VPC Service Controls
* IAM (Identity & Access Management) Cloud Logging and Monitoring
* Workload Identity Federation
* Automate security response using Python, Terraform, or XSOAR.
* Collaborate with infrastructure and DevOps teams to embed security into CI/CD pipelines, containers (GKE), and API services.
Compliance & Risk Alignment
* Ensure operational alignment with PCI-DSS, ISO 27001, SOC 2, NIST, and GDPR requirements.
* Support internal and external audits with relevant security evidence and reports.
* Work closely with GRC teams to implement controls and technical safeguards for ongoing compliance.
Who You Are
A cybersecurity professional who thrives in high-velocity, cloud-native, and heavily regulated environments. You're both a strategist and a practitioner: able to lead people and projects, while staying hands-on with modern tools and incident response workflows. You bring both technical acumen and operational discipline, with a deep understanding of GCP security and experience protecting high-value fintech applications.
Essential Qualifications
* Experience as SOC lead, cyber operations manager, or similar role.
* Hands-on experience in securing Google Cloud Platform (GCP) environments across multiple projects/accounts.
* Strong expertise in:
* SIEM management (Chronicle, Splunk, Elastic) Incident response and recovery
* Security orchestration (SOAR), preferably Chronicle + XSOAR
* IAM, policy enforcement, logging, and access reviews in GCP
* Proven experience working in FinTech or financial services, ideally under PCI-DSS, ISO 27001, or SOC 2. Strong Scripting or automation experience (Python, Terraform, Bash).
* Knowledge of threat modelling and attack frameworks (MITRE ATT&CK, Kill Chain). Familiarity with Kubernetes (GKE), container security, API hardening.
Nice to Have
Certifications such as:
* Google Professional Cloud Security Engineer CISSP, CISM, GCIH, or GCIA
* Experience implementing Zero Trust Architecture in a cloud-native environment. Familiarity with OPA/Gatekeeper, Kubernetes Admission Controllers.
* Background in red teaming or adversary simulation (MITRE Caldera, Atomic Red Team).
* Experience working with BigQuery, Data Loss Prevention (DLP) tools, and Key Management Systems (KMS).
Why This Role?
* Work directly with engineering, DevSecOps, and compliance leadership.
* Lead cybersecurity strategy and execution in a cloud-native, greenfield fintech platform. Influence architecture decisions at scale while keeping a hands-on role.
* Flexible, remote-first working culture with global talent.
* A chance to build a security function from the ground up, automate deeply, and scale securely.