This role will take responsibility for day to day management of the BBC’s 24x7 Security Operations Centre (“SOC”) team.
The successful candidate will have a clear understanding of information security risk management, and will use this knowledge to allocate BBC SOC resources to where they can best mitigate risk. They will develop and mentor SOC shift leaders, guide incident response on more significant incidents and take responsibility for quality assurance of SOC processes. They will support the Head of Information Security – Operations in delivering against the strategy, and contribute actively to setting the future strategic direction of the SOC.
The role is based on our MediaCityUK campus in Salford Quays.
- Support the Head of Information Security (Operations), Head of Information Security (Development) and the other members of the Information Security leadership team in formulating the strategic direction of the SOC function and executing against the agreed strategy.
Programme/Project Roadmap Support
- Support the integration of SOC processes with the overarching Information Security transformation programme, helping to ensure that we actively utilise the domain model to better target delivery of investigative resources to where they mitigate risk.
- Help define, support and oversee the delivery of projects committed to as part of the strategic roadmap.
- Manage the SOC use case development pipeline, prioritizing new use cases in accordance with their risk mitigation value + feasibility given existing log analysis capabilities. Decommission use cases that consume excessive resources for low return on investment.
- Liaise with the Information Security development team, ensuring SOC staff have a clear understanding of the capabilities of the toolset and can relate them to the environment and stakeholders.
- Understand clearly what is coming down the coverage pipeline and ensure that the SOC are trained and briefed on the organizational context and security utility of new event feeds.
- Make improvement recommendations to information security leadership team with respect to security monitoring approach (in particularly gaps in visibility that are harming effectiveness of monitoring.)
- Act as incident manager for major security incidents, taking the lead on SOC response and assuring the delivery of any SOC actions agreed on incident calls.
- Ensure severe / complex incidents are escalated on a timely basis to the Infosec leadership team where additional specialist support is required.
- Ensure the SOC provide support to the Information Security Manager (Forensics) on high priority forensic investigations.
Governance and Team management
- Oversee the career development framework for the SOC team, providing clarity on how staff can achieve progression, and providing career coaching and mentoring to specialists/direct reports.
- Provide direction and guidance to SOC specialists and help them to resolve more challenging issues.
- Ensure rota management is actioned in line with BBC terms and conditions and SOC policies, and manage the resolution of rota conflicts between shifts.
- Ensure SOC investigation quality management procedures are adhered to, and improved over time, to ensure consistent and competent investigation of incidents.
- Develop / review such SOC policies, standards and procedures as are necessary for the efficient operation of the department.
Threat Intelligence and Vulnerability Identification
- Working with Forensics, ensure the timely delivery of threat intelligence information, to relevant teams. Review, and provide feedback on, SOC intelligence outputs to ensure SOC guidance on threat response is appropriate.
- Oversee the vulnerability management and responsible disclosure triage processes within the SOC, working to improve their effectiveness and efficiency over time. Support the timely resolution of any critical issues identified via effective use of influencing skills with business stakeholders.
- Represent the department at internal meetings and present on behalf of the BBC at external conferences, “giving back” to the wider Information Security community by presenting on relevant topics where the BBC SOC has developed expertise.
- Take a lead role on managing the relationships with SOC suppliers, overseeing contract reviews and proof of value assessments.
The Ideal Candidate
- Experience of information security operations; especially incident response and security monitoring.
- Ability to communicate at all levels of the business.
- Record of operating in time critical, diverse corporate environments.
- Experience in management, in particular the ability to lead, support and develop teams of technical specialists within IT security or a related discipline.
- Ability to manage and resolve conflicts between technical and business imperatives.
- Excellent written and verbal communication and presentation skills.
- Highly effective and creative problem-solving skills.
- Good understanding of technical systems and processes in use within the BBC or a large corporate environment.
Contract type: Permanent
We’re happy to discuss flexible working. Please indicate your choice under the flexible working question in the application. There is no obligation to raise this at the application stage but if you wish to do so, you are welcome to. Flexible working will be part of the discussion at offer stage.
- Excellent career progression – the BBC offers great opportunities for employees to seek new challenges and work in different areas of the organisation.
- Unrivalled training and development opportunities – our in-house Academy hosts a wide range of internal and external courses and certification.
- Benefits- We offer a competitive salary package, a flexible 35-hour working week for work-life balance and 26 days (1 of which is a corporation day) with the option to buy an extra 5 days, a defined pension scheme and discounted dental, health care, gym and much more.
The situation regarding the coronavirus outbreak is developing quickly and the BBC is keen to continue to ensure the safety and wellbeing of people across the BBC, while continuing to protect our services. To reduce the risk access to BBC buildings is limited to those essential to our broadcast output. From Wednesday 18th March until further notice all assessments and interviews will be conducted remotely. For more information go to https://www.bbc.co.uk/careers/
Mae’r sefyllfa gyda’r coronafeirws yn datblygu’n gyflym, ac mae’r BBC yn awyddus i barhau i sicrhau diogelwch a lles pobl ar draws y BBC, gan barhau i warchod ein gwasanaethau hefyd. I leihau’r risg, dim ond y bobl sy’n hanfodol i’n hallbwn darlledu fydd yn cael mynediad i adeiladau’r BBC. O ddydd Mercher 18fed Mawrth ymlaen, bydd pob asesiad a chyfweliad yn cael ei gynnal o bell, nes rhoddir gwybod yn wahanol. I gael mwy o wybodaeth, ewch i https://www.bbc.co.uk/careers/
About the Company
We don’t focus simply on what we do – we also care how we do it. Our values and the way we behave are important to us. Please make sure you’ve read about our values and behaviours in the document attached below.
Diversity matters at the BBC. We have a working environment where we value and respect every individual's unique contribution, enabling all of our employees to thrive and achieve their full potential.
We want to attract the broadest range of talented people to be part of the BBC – whether that’s to contribute to our programming or our wide range of non-production roles. The more diverse our workforce, the better able we are to respond to and reflect our audiences in all their diversity.
We are committed to equality of opportunity and welcome applications from individuals, regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio-economic background, religion and/or belief. We will consider flexible working requests for all roles, unless operational requirements prevent otherwise.
To find out more about Diversity and Inclusion at the BBC, please click here