Security Operations Centre Lead
Capability: Solutions & Digital
Experience Level: Senior Manager
Type: Full Time
Service Line: Solutions & Digital
Security Operations Centre Lead – B Grade
KPMG is building a new UK Information Security Practice to ensure a coordinated response to the increasing cyber security threat, to enable risk decisions to be made consistently across the organisation and to establish sustainable security capabilities that are integrated with the business. This role is the senior lead for the Security Operations Centre within the KPMG UK Information Security function, with four main areas to cover: security monitoring, security incident response, SOC platform engineering and threat intelligence.
• Lead the UK Security Operations Centre team to support the protection of KPMG’s and its clients’ assets, reputation and prevent financial losses
• Ensure SOC services are delivered according to agreed Service Level Agreements
• Contribute to the overall information security strategy
• Drive the evolution of the SOC (“Detect” and “Respond”) capabilities.
• Implement the services related to cyber security operations
• Ensure high service quality to KPMG operating functions and other stakeholders
• Provide high-quality, prioritised and up-to-date information about the evolution of security threats that are relevant to KPMG
• Manage a 20+ strong team across multiple geolocations (UK/India), with multiple specialisms to support the Security Operations Centre
• Evolve the security operations centre capabilities and services to adapt to evolution of cyber threats and to ensure a high-level of protection to KPMG information
• Actively support the senior security leadership team
The scope of the role covers security incident response & investigations, security monitoring, threat intelligence and SOC platform engineering and support and has overall accountability for these services.
The SOC lead will:
• Be accountable for improving the maturity of the SOC and maintain oversight of the lifecycle of in-scope technology that supports the SOC’s services;
• Drive continuous service improvement, working with Senior Management and the Security Transformation Programme;
• Ensure integration and handover of new security services within the SOC as the scope of the service increases and matures;
• Ensure that new security intelligence and monitoring feeds are integrated into the SOC to provide effective monitoring of KPMG technology environment;
• Understand the dependencies and work collaboratively within Information Security and with the wider business to provide consistent and reliable services;
• Be responsible for building and maintaining strong relationships with key stakeholders, such as Information Security leadership, CTOs, Technology Operations, business service owners and any 3rd parties; monitoring quality and escalating issues as necessary;
• Work closely with the Global SOC to share information and manage risks to the UK firm and wider network;
• Take overall accountability for the SOC service and oversee the delivery and quality of the service in line with agreed service level agreements and service delivery objectives;
• Oversee and manage the relationship with 3rd parties in charge of delivering SOC services;
• Manage senior relationships with the business and act as the final escalation point for the SOC;
• Ensure timely delivery of threat intelligence reports and SOC operational reports. Ensure SOC metrics feed the Information Security and Risk Dashboard;
• Provide tailored advice to a range of senior stakeholders on the strategic importance of risk and how to respond proportionately;
• Support the SMEs within the SOC and ensure integration and collaboration within the team;
• Lead and manage a team of high performing professionals in delivering the service;
• Provide opportunities and training to develop the skills needed to meet the future needs of the service;
• Guide and direct specialist activities within your team, actively promoting development of applicable skills, and sharing best practice;
• Substantial experience in Information and Cyber Security
• Substantial experience in leading a whole (or a large part of) a Security Operations Centre.
• Experience with managed security services and security consulting would be a plus
• Excellent SIEM tooling knowledge including technologies such as QRadar, Sentinel, Arcsight etc
• Experience in end-to-end information security incident management and mitigating and addressing threat vectors including Advanced Persistent Threats (APTs), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc.
• Experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewalls, firewall logs, system logs, web logs, application logs and Security Information and Event Management (SIEM) systems.
• Experience with technologies, tools and process controls to minimise risk and data exposure.
• Solid experience of working in Cloud environments such as AWS, Azure, & GCP.
• Experience with building threat-based Use Cases using frameworks such as MITRE ATT&CK.
• Experience training and developing teams
• Experience interfacing with C level and board members
• Solid understanding of ISO 27001, Cyber Essentials/Essentials Plus, GDPR and other information security-related regulatory and compliance standards
• Bachelor’s degree in Computer Science, Engineering, or a related field.
• Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC or equivalent).
• SANS SEC401 certification or equivalent a plus
• Already holds, or has the ability to obtain, SC clearance (required)
• Understanding of security threats, attack scenarios, intrusion detection and incident management.
• Ability to function effectively in a matrix structure.
• Strong relationship management with C-suite executives and the ability to create confidence in the service and discuss risk at a strategic level
• Strong facilitation, negotiation and conflict resolution skills.
• Ability to deal with ambiguity and to keep a cool head when dealing with crisis or stressful situations
• Strong analytical skills.
• Apply analytical rigor and demonstrate business acumen to understand complex business scenarios.
• Fluent in English.
About KPMG
With offices across the UK, we are part of a global network of firms providing Audit, Tax & Legal, Consulting, Deal Advisory and Technology Services to diverse clients.