Senior Manager Cyber Defence

Reporting into the Aer Lingus CISO the Senior Manager of Cyber Defence will lead the management and ongoing development of advanced defensive cybersecurity services that safeguard the organisation against evolving threats. This role is accountable for shaping and delivering a sustainable intelligencedriven cyber defence capability across detection response exposure reduction and continuous control validation.

Operating within a hybrid delivery model (outsourced SOC and specialist providers with an internal CSIRT capability) you will ensure effective 24x7 monitoring rapid incident response and ongoing improvement of defensive controls through automation adversary simulation and strong operational governance. Responsibilities to include:

• Define and execute Cyber Defence strategy in partnership with the CISO aligned to business objectives regulatory obligations and the evolving threat landscape.
• Lead the organisations incident response programme and act as incident commander during major cyber events; coordinate multiteam response activities remediation and stakeholder communications.
• Provide governance and oversight of outsourced SOC and Threat Management services ensuring delivery to agreed SLAs and KPIs and driving continuous service improvement.
• Oversee exposure and vulnerability management across the enterprise establishing prioritisation and remediation governance
• Drive continuous controls improvement through adversary simulation and threat intelligenceinformed testing to identify and close prevention/detection/response gaps.
• Develop and execute strategies to monitor detect and respond to threats in real time leveraging SIEM EDR SOAR and automation to deliver at scale.
• Ensure Cyber Defence evidence reporting and assurance are fit for purpose (incident records integrity audit trails lessons learned and continuous improvement actions).
• Part of on-call rota as point of escalation in the event of a major cyber event
• Build develop and mentor highperforming cyber defence teams and outsourced services fostering a culture of agility learning collaboration and continuous improvement.
• Define manage and govern Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for Cyber Defence services; provide regular reporting to senior stakeholders.
• Own the development and maintenance of defence playbooks and oversee regular testing to enhance readiness with technology business and external stakeholders.
• Collaborate with Technology and Cyber teams to translate defence findings into actionable improvements for engineering and operations (hardening patching configuration identity and access improvements).
• Ensure effective integration of threat intelligence into detections triage investigations and response playbooks across SOC and internal CSIRT workflows.
• Coordinate with Legal Privacy Corporate Affairs and relevant authorities on incident communications and regulatory reporting requirements.

• 15 years cybersecurity and/or IT experience with strong exposure to cyber incident response threat management and/or defensive operations.
• Minimum of 3 years in a leadership position with demonstrated ability to lead services programmes and thirdparty providers.
• Proven experience acting as Incident Commander coordinating multiteam response activities remediation and stakeholder communications.
• Handson proficiency with Cyber Defence technologies (e.g. SIEM Threat Intelligence SOAR EDR platforms such as CrowdStrike ZeroFox Splunk or equivalent).
• Experience governing outsourced/managed security services (SOC threat intelligence vulnerability management) including SLA/KPI management and continuous improvement.
• Relevant Cyber qualifications e.g. Masters/Degree/Diploma CISM GIAC OSCP CEH or similar
• Strong leadership crisis management communication and crossfunctional collaboration skills.
• Proven competency overseeing enterprisewide cyber defence services and driving a sustainable remediation culture with IT and business owners.
• Demonstrated ability to develop and mature cyber security services improving operational processes and playbooks.
• Ability to translate threat intelligence control testing and incident learnings into measurable improvements in detections controls and response automation.
• Strong vendor/service management capability including oversight of thirdparty performance and assurance evidence.
• Experience overseeing adversary simulations red/blue/purple team exercises and translating findings into relevant control improvements.
• Familiarity with regulatory and incident reporting obligations and evidence requirements (e.g. NIS2 GDPR aviation regulations such as IAA/EASA PartIS).
• Familiarity with MITRE ATT&CK framework and modern attacker techniques.
• Experience defining Cyber Defence KPIs/KRIs such as exposure reduction MTTD/MTTR detection coverage and control validation outcomes.