Overview

The Cyber Security Operations Centre (CSOC) at the Home Office plays a vital role in protecting one of the UK’s largest government departments and its nationally critical digital infrastructure. The Head of Protective Monitoring and Incident Response leads a high‑performing security function, shapes strategy and policy, and manages incidents in collaboration with senior stakeholders across government. Working within a team of cyber professionals, the post holder contributes to safeguarding complex systems with a culture of continuous development.

Responsibilities

• Develop strategies to detect and respond to cyber threats, aligned with business objectives, risk appetite, and continuity planning.
• Create, review and update cyber policies, standards and processes in line with regulatory and industry requirements, overseeing their implementation.
• Manage the technical response to cyber security incidents, engaging with stakeholders across the CSOC and department to identify, contain and help recover from threats.
• Manage the full incident response lifecycle, ensuring effective communication with cross‑government stakeholders; lead post‑incident reviews and implement exercising strategies to maintain organisational resilience.
• Determine and manage resources, including budget, personnel and technology; drive continuous improvement to address emerging threats and best practice.
• Develop and review strategic, operational and technical KPIs and KRIs to inform decision‑making.
• Lead the detect and response team, support professional development, and ensure service readiness.

Essential skills and qualifications

• Demonstrable passion for working in cyber security operations with experience in responding to and mitigating targeted cyber-attacks, monitoring, analysis, and recovery procedures across large‑scale organisations.
• Proven SOC leadership experience: leading Security Operations Centres with hands‑on experience managing 24/7 operations, incident response, and threat detection across complex environments.
• Experience developing and enhancing cyber security operations policies and processes, aligned with organisational needs, industry standards and best practices.
• Strong communication skills with technical and senior stakeholders, influencing decisions based on cyber risk assessments and strategic priorities.
• Strategic planning and execution: developing SOC strategies, roadmap planning, capability development, and maturity assessments.
• Experience leading and developing diverse teams of cyber security analysts, fostering high performance and professional growth.
• Understanding of pension schemes and benefits as outlined by the employer (e.g., competitive pension with 28.97% employee contribution as part of overall package) and general benefits described below.
• Note: This role requires Security Clearance, normally 5 years’ UK residency in the past 5 years, and readiness to undergo NPPV3 clearance.

Employment details

• Location: Cardiff
• Salary: £73,900 plus up to £21,700 in capability allowance
• Advert Close: 11:55pm 23rd October 2025
• Employment type: Full-time
• Seniority level: Mid‑Senior level
• Job function: Information Technology
• Industries: Government Administration

Benefits and working arrangements

• A hybrid working model of a minimum 60% of contracted hours in the workplace and 40% remote
• Flexible working options including full-time, part-time, flexi time, compressed hours and job sharing
• Training and development opportunities including access to technical and professional accreditations
• Access to funded qualifications (subject to approval)
• A capability allowance reviewed annually
• Enhanced parental leave schemes and an inclusive, diverse culture
• Annual performance-based bonus and recognition awards

Click on apply now to be redirected to our application portal and the full job advert