hirist

Job Description

About the Role:


The SOC Manager is responsible for leading and managing Security Operations Center (SOC) functions, ensuring effective 24x7 monitoring, detection, incident response, and threat hunting across enterprise IT, cloud, OT, and digital environments.


This role focuses on operational excellence, team leadership, incident readiness, and continuous improvement, while aligning SOC activities with enterprise cybersecurity strategy and business objectives.


Key Responsibilities:


SOC Leadership & Operations:


- Lead day-to-day SOC operations, ensuring continuous monitoring, detection, and response to security events and incidents.


- Manage L2/L3 SOC analysts, incident responders, and threat hunters, fostering a high-performance culture.


- Ensure adherence to incident response SLAs, escalation paths, and communication protocols.


- Act as the incident commander for major cyber incidents, coordinating technical response and stakeholder communication.


Incident Response & Threat Management:


- Oversee incident triage, investigation, containment, eradication, and recovery activities.


- Conduct root-cause analysis and ensure corrective and preventive actions are implemented.


- Lead threat hunting activities using frameworks such as MITRE ATT&CK to identify advanced and stealthy threats.


- Coordinate post-incident reviews and lessons-learned sessions.


Technology & Platform Management:


- Own and optimize SOC technologies including SIEM, SOAR, EDR/XDR, NDR, and threat intelligence platforms.


- Drive use-case development, tuning, and automation to reduce false positives and improve detection fidelity.


- Partner with engineering and IT teams to onboard new log sources and improve telemetry quality.


- Ensure SOC tooling aligns with enterprise architecture and cybersecurity strategy.


Process, Metrics & Continuous Improvement:


- Define, track, and report SOC KPIs and metrics (MTTD, MTTR, alert quality, incident trends).


- Drive continuous improvement initiatives using data, automation, and process optimization.


- Maintain and improve SOC playbooks, runbooks, and standard operating procedures.


- Support tabletop exercises, red-team/blue-team simulations, and readiness testing.


Collaboration & Stakeholder Management:


- Collaborate with GRC, IAM, Security Architecture, Cloud, OT, and Product Security teams.


- Act as a key liaison between SOC and IT, engineering, and business stakeholders.


- Support audits, regulatory inquiries, and risk assessments by providing operational evidence.


- Engage with vendors, MSSPs, and service providers, ensuring contractual SLAs are met.


People Development & Culture:


- Recruit, onboard, and mentor SOC talent.


- Build career paths, training plans, and succession strategies for SOC staff.


- Foster a culture of learning, innovation, accountability, and resilience.


- Promote security awareness and collaboration across the organization.


Required Qualifications:


- Bachelor's degree in Computer Science, Information Security, Engineering, or a related field.


- 8 to 12+ years of cybersecurity experience with 5+ years in SOC / incident response leadership.


- Strong hands-on experience with SIEM/SOAR platforms and security monitoring tools.


- Proven experience leading major cyber incidents in enterprise environments.


- Strong understanding of threat frameworks (MITRE ATT&CK) and attack methodologies.


- Experience working with globally distributed teams and 24x7 operations.


Preferred Qualifications:


- Certifications such as CISSP, CISM, GCIA, GCIH, CRISC.


- Experience with cloud security monitoring (AWS/Azure/GCP).


- Experience managing MSSPs or outsourced SOC models.


- Strong executive communication and reporting skills.

