Job description | •Role: Information Security Manager: Security Operations
•Location: London or Newcastle
•Salary: London: Up to £90,000 per annum, Newcastle: Up to £79,000 per annum
•Type of contract: Full Time, permanent
•Location: Hybrid working. On-site at our London or Newcastle office 2 days per week minimum
Nationality Requirement:
• UK Nationals
• Nationals of Commonwealth countries who have the right to work in the UK
• Nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
Please note, we are not able to sponsor work visas or accept temporary visas as we are looking to hire on a permanent basis. Please contact the HR Service desk (hrservicedesk@nao.org.uk) should you have any questions on your nationality eligibility.
Why are we recruiting?
In a world where cyber challenges and opportunities are constantly evolving, we are committed to staying ahead of the curve. With new investment aimed at enhancing the NAO’s security maturity, our Information Security team is expanding. This is your chance to join a dynamic organisation with clear strategic objectives and help advance our data use and embrace new technologies securely.
We’re not just growing—we’re evolving. As part of a forward-thinking organisation with a strong mandate to harness data and embrace cutting-edge technologies, our InfoSec team is central to enabling and securing the NAO’s digital future.
We’re on the lookout for passionate, curious, and collaborative security professionals across a wide range of specialisms. Whether your expertise lies in governance, engineering, threat detection, or cloud security, you’ll find real scope to make an impact—both within InfoSec and across the wider organisation.
• Be part of a diverse and expanding team that thrives on challenge and innovation.
• Work in a complex, data-rich environment where your insights will shape national-level outcomes.
• Help embed security into every layer of our digital transformation, from strategy to code.
This is more than a job. It’s a chance to help define the future of security at the NAO and be part of a high-performing and fun team.
Context and main purpose of the job:
Why are we recruiting for this role?
Integral to the NAO’s Information Security strategy is an enhanced Security Operations function dedicated to delivering and developing its essential protect, detect, and respond capabilities.
The SecOps Manager will run the function, developing our critical security operations systems, tools, and processes to maintain and improve the NAO’s security posture and risk profile in support of our ambition of being an exemplar organisation.
Who are the team?
The role sits within an inclusive, diverse, respectful, and agile team of information security professionals responsible for enabling the business to better understand, identify and manage the threats and risks that could impact the NAO’s ability to deliver on its vision and strategy.
What are the main responsibilities of this role?
The SecOps Manager will lead on the response to security alerts, incidents and events logged by colleagues, monitoring tools and security partners, progressing actions. The successful candidate will have an excellent knowledge of how a security operations centre functions and an understanding of how to develop and enhance these capabilities.
They will be able to communicate effectively with all levels of users, demonstrate competence, instil confidence, and deliver a high level of internal customer service. They will mentor and coach team members, helping them to develop their skills and advance their careers. They will also educate and advise colleagues on information security best practice.
They will be required to use their experience, initiative, research, and problem-solving skills to resolve issues and create written documentation.
The role requires a thorough understanding of Microsoft’s Azure and Defender tools at an expert level, as well as the ability to adapt to new technologies, learn new procedures, determine the source of problems, and advise on both tactical and strategic solutions.
About the National Audit Office
The National Audit Office (NAO) is the UK’s main public sector audit body. Independent of government, we have responsibility for auditing the accounts of various public sector bodies, examining the propriety of government spending, assessing risks to financial control and accountability, and reviewing the economy, efficiency and effectiveness of programmes, projects and activities.
We report directly to Parliament, through the Committee of Public Accounts of the House of Commons which uses our reports as the basis of its own investigations. We employ some 1,300 staff, most of whom are qualified accountants, trainees or technicians. They work in one of two main areas, financial audit or value for money (VFM) audit.
The NAO welcomes applications from everyone. We value diversity in all its forms and the difference it makes to our organisation. By removing barriers and creating an inclusive culture all our people can develop and maximise their full potential. As members of the Business Disability Forum and the Disability Confident Scheme we guarantee to interview all disabled applicants who meet the minimum criteria.
The NAO supports flexible working and is happy to discuss this with you at application stage.
Relationships:
Reporting to: Head of Information Security
Internal: Close working relationships with Info Sec peers, Digital Services (IT) and application development teams.
External: Microsoft and other key suppliers, vendors, and peers in similar organisations.
Resources Managed: Security Operations Officer
How to apply
1. Apply online and create a profile on our careers page
2. Submit an up-to-date CV
3. Submit a cover letter setting out briefly why you're suitable for the role based on the key skills/competencies required (maximum 1,000 words)
Selection process
1. Thursday 7 and Thursday 14 August - Longlisted candidates will be invited to an initial telephone interview with either the Director or Head of Information Security
2. Tuesday 26 and Wednesday 27 August - Following the initial telephone interview, shortlisted candidates will be invited to a panel interview |
---|
Responsibilities | The Security Operations Manager will be responsible for the following.
Leadership
•Management of Information Security’s Sec Ops functions in their delivery of robust best practice controls within an exemplar organisation.
•Ability to explain complex matters to a non-technical audience in a clear, concise and engaging way.
•Collaborate with and build relationships with key stakeholder groups, such as Information Security and Digital Services to establish a strong understanding of the organisation and its needs.
•Ability to see the bigger picture and bring new ideas and challenge the status quo.
•Leadership by example, demonstrating a positive can-do attitude that supports both the team professionally and the team culture.
SecOps Management
•The delivery and day-to-day leadership of key technical security controls, and tools, across the organisation to ensure that security posture is effectively managed in line with enterprise risk appetite.
•Maintaining vigilant security monitoring of the technology estate and the execution of agreed protocols and processes in a consistent and timely manner when security issues arise.
•Ensure material investigations are conducted into information security events, alerts, and incidents.
•Provide subject matter expertise in response to security incidents.
•Support the development and optimisation of Microsoft Sentinel, Purview and Defender within the SecOps function.
•Support the SIEM, SOAR, and Zero Trust programmes.
•Support the SIEM’s development ensuring broader insight across the technology estate.
•Drive the development of outcome-based metrics. Report on SecOps status through periodic reporting, updates, and meetings.
•Responsible for penetration testing, ensuring tests are carried out in line with the organisation’s risk appetite, project requirements and to meet regulatory and external certification priorities.
•Oversee the 24/7 rota respond capability.
Risk Management
•Proactively identify, evaluate, and assess threats and risks that may impact the NAO’s ability to deliver on its vision and strategy.
•Contribute to the maintenance of the Information Security Risk Register.
•Support the delivery of appropriate and proportionate risk treatments in line with the NAO’s risk appetite.
ISMS
•Support the Information Security team to assure compliance with Information Security Policies, Standards and Controls.
•Support the ongoing retention of the NAO’s information security certifications.
•Produce clear, concise reporting on the security of technology systems.
•Promote and advocate InfoSec as an SME throughout the NAO.
Horizon Scanning
•Horizon/capability forecasting and budget management experience.
•Leverage threat intelligence feeds to maintain awareness of global security threats and vulnerabilities, and collaborate with Digital Services teams to mitigate risk and maintain/improve the organisational security posture.
•Maintain awareness of the technology landscape and provide guidance on opportunities to improve in the context of the business.
Continuous Improvement
•Continuously monitor the effectiveness of security measures and make necessary adjustments. This includes reviewing security incidents and implementing lessons learned to improve future responses.
•Maintain currency in security industry best practice to drive continuous improvement within the organisation.
•Deliver continuous development of the security policies, processes, standards, runbooks, and tools.
•Identify opportunities and initiatives to continuously improve the NAO’s security and in particular the SecOps function in the context of the NAO’s strategy and risk appetite. |
---|
Skills required | Key skills/competencies required:
• Demonstrated experience leading a team focused on Cyber Security or Security Operations.
• Practical experience developing and enhancing Microsoft security services such as Azure, Sentinel, and/or Defender.
• Experience in proactive cyber risk management.
• Applied knowledge in two or more of the following security domains, with the ability to learn others:
• Identity & Access Management
• Network Security
• Messaging Security
• Endpoint Security
• Application Security
• Vulnerability Management
• Digital Forensics
• Hands-on experience with two or more of the following toolsets:
• Security Incident & Event Management (SIEM) platforms, such as Azure Sentinel
• Vulnerability Management Tools
• Data Loss Prevention (DLP), such as Purview
• Microsoft Defender
• Currently pursuing or holding a relevant professional certification (e.g., CISSP, CISM, CISA, CEH, SANS GIAC).
• Demonstrated motivation for learning new skills.
• Analytical skills to identify threats, risks, vulnerabilities, and conduct root cause analysis.
• Ability to investigate and resolve complex problems.
• Effective written and verbal communication skills.
• Stakeholder engagement ability.
• SC Security Clearance, or able to quickly achieve SC clearance. |
---|