Cyber Incident Response Team Manager

Company Description

IAG Tech is a community of IT and digital professionals from across the International Airlines Group (IAG). We drive the technology behind some of the biggest and most successful brands in global aviation, including British Airways, Aer Lingus, and Iberia.

Brought together in 2019, we are a unique community with a shared vision to deliver Technology Excellence and be recognised as industry leaders in the use of technology.

Our mission is to delight customers, enable employees, accelerate business performance, protect our business and increase shareholder value, through the innovative and agile use of technology and data.

We use product-centric delivery teams using agile methods to implement new capabilities at pace and maximise business outcomes. With a relentless focus on improving system performance and stability, we continually strive to find new and better ways to innovate and support the Group.

At IAG Tech we share common values to help us create the right culture to underpin our thriving community:
Innovation | we value identifying new ways of using technology to solve business challenges
Empowerment | we value giving people the freedom to operate, that they take accountability, and collaborate with colleagues
Professionalism | we value having and developing the right knowledge and competency to be able to do our jobs to the best of our ability
Transparency | we value honesty and integrity and always share the reality in a manner the business understands
Agility | we value responsiveness, speed and flexibility in everything we do

We celebrate when we see great examples of our values in action and challenge each other when we see these values being ignored.

Job Description

In this role you will be working in partnership with IAG Tech, IAG Group and the Operating Companies to:

Overall Management:

• Manage and lead the CIRT team and third party incident retainer and forensic partners
• Ensure the alignment of team objectives with organizational goals and priorities.

Incident Response:

• Develop, implement, and maintain the CIRT's incident response plan and procedures.
• Oversee the preparation, identification, analysis, containment, eradication, and recovery of security incidents.
• Coordinate the CIRT's response with other internal teams (such as IT, legal, communications).
• Track and report on security incidents and trends.
• Maintain awareness of current security threats and vulnerabilities.

Cyber Table Top Exercise and Breach Attack Simulation Exerciseg

Resource Allocation:

• Allocate resources effectively in CIRT
• Manage staffing, budgeting, and technology investments to support operational objectives.

Tool Management:

• Contribute to deployment, configuration, and maintenance of security tools and technologies for incident preparation and response.
• Contribute to optimizing the performance of security tools to maximize effectiveness and efficiency.

Compliance and Reporting:

• Ensure compliance with relevant regulations, standards, and industry best practices.
• Prepare and present CIRT & incident reports/dashboards to Operations, Management, Exec & Auditors

Continuous Improvement:

• Identify areas for improvement and innovation across SOC functions.
• Implement measures to enhance operational efficiency, effectiveness, and resilience over time.

Escalation Handling

• Perform Management on-call responsibilities

Qualifications

What we are looking for:

Skills:

• Ability to lead and manage a large team of security analysts and specialists.
• Strong leadership skills to inspire and motivate team members, set objectives, and drive performance.
• Expertise in incident detection, analysis, and response methodologies.
• Proficiency in coordinating and leading incident response efforts during security breaches and incidents.
• Deep understanding of cybersecurity principles, technologies, and best practices.
• Knowledge of security tools and technologies used in a SOC environment, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection and Prevention Systems), and EDR (Endpoint Detection and Response) solutions.
• Ability to assess and prioritize security risks based on their potential impact and likelihood.
• Knowledge of relevant regulatory requirements and industry standards (e.g., GDPR, PCI DSS).
• Experience in ensuring SOC operations comply with legal, regulatory, and contractual obligations.
• Strong verbal and written communication skills to articulate complex technical concepts to diverse audiences.
• Skill in building and fostering a collaborative and cohesive team environment.
• Ability to troubleshoot complex security issues and develop innovative solutions to address them.
• Adaptability to rapidly changing threat landscapes and evolving technologies.
• Capacity to adjust SOC strategies and operations in response to emerging threats and organizational needs.
• Commitment to continuous learning and professional development to stay abreast of the latest cybersecurity trends, technologies, and best practices.

Experience

• 5-10 years experience in Security Operations
• Prior experience in a CIRT Team
• Leadership in Security Incident Response (SIR)
• Expertise in SIEM/SOAR tools
• Broad knowledge of security concepts (threat intel, vulnerability management, network security)
• Experience in threat analysis & security alert detection
• Familiarity with security frameworks (MITRE ATT&CK, NIST CSF)
• Security team leadership or strong leadership potential
• Experience in performance management
• Excellent communication & collaboration skills
• Security scripting and automation skills (Python, Bash) (Optional)
• Knowledge of cloud security concepts and best practices (Optional)
• Understanding of security compliance regulations (PCI DSS, ) (Optional)

Qualifications

• Recognized Security qualifications desirable e.g. CISM, CISSP (preferred)
• Project Management experience and certification (preferred)

Additional Information

Benefits

The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry, working in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension, and performance bonuses.

Diversity and Inclusion

IAG Tech is part of the IAG GBS organisation, and our people are at the heart of everything we do. We recognise that we can only deliver the required business outcomes if we have a thriving community of technology professionals. Together we strive to become the very best at what we do.

We focus on making Tech a great place to work, with a community that we feel proud to belong to. To help make this a reality, our people strategy focuses on six key domains: Engagement, Talent Management, Reward and Recognition, Performance Management, Learning and Development and Culture.

We understand the importance of Diversity and Inclusion in the workplace to deliver this strategy – everyone should feel part of our team. We want to foster an inclusive workplace, celebrate individuality and embrace differences so that everyone in IAG Tech can achieve their goals and ambitions, regardless of their personal circumstances or background.

As a Group, IAG has an ambition that 40% of senior management roles are held by women by 2025. IAG Tech fully supports that ambition, and we are working to help make it a reality. With this in mind, we have set ourselves the challenging target of recruiting 50% female colleagues by 2030.