Security Operations and Incident Response Manager

At the heart of everything we do is our vision to change lives every day and our mission to grow The National Lottery responsibly and champion its impact.

We are Allwyn UK part of the Allwyn Entertainment Group a multi-national lottery operator with a market-leading presence across Europe which includes: Czech Republic Austria Greece Cyprus & Italy and the US.

While the main contribution of The National Lottery to society is through the funds to good causes at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime largescale transformation journey by creating a National Lottery that delivers more money to good causes.

Well talk a bit more about us further down the page but for now lets talk about the role and who were looking for

If you need any assistance or adjustments to this job description or in the application process please contact a member of the talent team at and well be happy to help.

A bit about the role

Lead and supervise Allwyns Security Operations Centre (SOC) ensuring the effective use of the tools technologies and processes that underpin security monitoring and incident response. The role is accountable for overseeing SOC team performance including rota management workload coordination and the continuous development of analysts capabilities. Working in close partnership with the Senior Cyber Defence Manager the role drives ongoing optimisation of detection logic response processes and the operational use of our SIEM SOAR EDR and other security platforms. The SOC Manager ensures that incident and threat response activities evolve in line with emerging risks maintaining strong operational performance.

Team Description:

The Security teams mission is to preserve the integrity of the National Lottery safeguard the sensitive and personal data processed by Allwyn and its partners and protect the people and premises across Allwyn UK. Operating in a heavily regulated environment we secure a cloudfirst technology estate that supports one of the most visited digital platforms in the UK an extensive retail network and a diverse set of backoffice services.

Our security model is built around cloudnative architectures and modern security capabilities with deep reliance on specialist thirdparty providers who support our monitoring detection incident response and assurance functions

The Security Operations team sits within the Information Security group and works daytoday wtih the Senior Cyber Defence Manager. Also working closely with Business Continuity Compliance & Assurance and other SOCaligned functions within the group. All of these subteams operate under the leadership of the Director of Information Security.

What youll be doing

• Lead daytoday Security Operation to ensure effective monitoring triage and response across a cloudfirst highlyintegrated security environment.
• Lead a team of 10 SOC analysts and oversee performance including rota management workload balancing skills development and ongoing coaching of analysts.
• Help the Senior Cyber Defence Manager drive continuous improvement of detection and response capabilities through feedback on the engineering tuning effectiveness automation and optimisation of SIEM SOAR EDR and other cloudnative security platforms.
• Oversee the endtoend lifecycle of SOC playbooks operating procedures and escalation paths ensuring they stay current with evolving threats and technologies.
• Willingness to work shifts as needed to maintain adequate team coverage and operational staffing levels.
• Ensure highquality postincident reviews are completed lessonslearned are captured and improvements are fed back into tooling processes and training.
• Partner with the Senior Cyber Defence Manager and specialist thirdparty providers to continually strengthen threat detection response processes and overall SOC maturity.
• Provide operational evidence insights and support to Governance Risk & Assurance teams while maintaining clear separation of duties.
• Collaborate closely with the Major Incident Manager and TechOps teams to ensure coordinated response timely escalation and effective resolution of security incidents.
• Demonstrate a strong understanding of business and customer impact to support effective prioritisation communication and incident response decision-making.

Scope & separation of duties:

• Owns:security monitoring incident management and response execution SOC delivery operational tooling.
• Contributes torisk insights and control evidence.

What experience were looking for

• Battlehardened Security Operations leader (SOC Manager) with proven experience running hightempo monitoring and incident response in complex environments and the judgement to make calm decisive calls under pressure
• Experienced working shouldertoshoulder with technology incident response teams staying relentlessly customercentric in decisions comms and recovery.
• Demonstrated ability / potential to lead coach and develop people this may come from formal line management technical leadership mentoring or leading multidisciplinary teams.
• Experience coordinating operational activity such as incident response service management or technology change with the ability to stay calm structured and decisive under pressure.
• Familiarity with modern security tooling (SIEM SOAR EDR cloudnative monitoring Azure Sentinel and Elastic) with the ability and appetite to deepen expertise through onthejob learning and partnership with Cyber Defence.
• Strong problemsolving and analytical capability able to understand complex incidents identify patterns and support the continuous improvement of detection and response processes.
• Clear confident communication skills capable of translating technical issues into operational actions and engaging effectively with engineers analysts third parties and senior stakeholders.
• Good organisational awareness ideally including experience navigating Allwyns technology ways of working suppliers or operational processes or evidence of quickly adapting to similar environments.
• Ability to manage operational workload including rota planning prioritisation and resource balancing to maintain consistent 24/7 coverage.
• Comfort working in cloudfirst fastchanging environments with the ability to absorb new technologies new threats and new tooling quickly.

Desirable (but not essential):

• Handson experience with cloud security operations (Azure AWS GCP).
• Exposure to detection engineering incident response threat intelligence or vulnerability management.
• Certifications such as CISSP GCIH GCIA GMON AZ500 viewed as beneficial not mandatory.
• Experience working with or leading thirdparty security partners.

About us

At Allwyn we are dedicated to changing lives and growing the National Lottery responsibly championing its positive impact on people places and the planet.

• Innovation - We pride ourselves on it! Were constantly looking for new ways to excite our customers bringing new products to market to enjoy which is all supported by our responsible play values and making them accessible to all.
• Giving back Did you know that playing the lottery generates around 30m a week for charities and good causes in the UK Our aim is to have doubled this number by the end of the first 10-year license.
• Sustainability Our aim is to become a net zero national lottery. We have 2030 targets to decarbonise our operations and energy. Weve already transitioned to renewable energy providers made our London and Watford offices zero gas and ensured our fleet consists of low-emission addition were working with our value chain partners to develop a net zero target date.
• Empowering every voice We believe in creating a culture where everyone feels they belong can be themselves has access to opportunities and can thrive for the benefit of good causes. Our diverse teams are working hard to make all parts of The National Lottery inclusive whether people play a game in a store or online- - because when everyone can play everyone wins.

Our people are more than colleagues - theyre winners driving positive change and making a real difference in communities.

We are a Disability Confident Leader which means weve taken proactive steps to ensure our workplace is accessible and inclusive for disabled and neurodivergent colleagues and candidates. As part of this we offer an interview to disabled applicants who meet the essential requirements of the job.

An inclusive reward offering with wellbeing at the centre

At Allwyn inclusion is built into how we care for our people. Our benefits and policies support colleaguesand their familiesat every stage of life and career. By prioritising wellbeing and belonging we create a workplace where everyone feels valued rewarded and empowered to succeed.

BENEFITS

Our benefits are built to support you at every stage of life. From wellbeing and financial security to enjoying more of what you love our benefit offerings help you thrive at work and at home.

• Company Bonus Scheme
• Matched pension contributions up to 8.5%
• 26 days annual leave 2 Life Days (and bank holidays)
• Single Private Health Cover
• Complimentary Private Medical
• Income Protection
• Flexible Benefits EV Scheme Money Coach Will Writing Mortgage Advice Dental and Eye Care Schemes.
• Enhanced Family Leave (Maternity Paternity Adoption)
• Wellness Allowance 500
• Employee Assistance Programme
• Discounted Health Assessments
• Volunteering Day
• Matched Funding

Required Experience:

Manager