Who we are
We're IAG Loyalty - one organisation creating more rewarding ways to travel. Home to Avios, the global loyalty currency, we help millions of members collect and spend rewards across travel, retail and financial services.
We're transforming our technology landscape, investing in modern platforms and strengthening our cyber security capability to support our ambitious growth plans. It's an exciting time to join us as we continue to build a resilient, secure and customer-focused business.
The opportunity ✨
We're looking for a Security Operations Manager to play a key role in developing and maturing our Security Operations capability.
Working at the heart of our Cyber Security team, you'll act as the bridge between Security Engineering and Security Operations across IAG Group and our operating companies. You'll combine technical expertise with operational leadership to improve monitoring, strengthen threat detection, optimise security tooling and lead the response to security incidents.
This is a hands-on role where you'll have genuine influence over how Security Operations evolves. You'll shape the roadmap, improve operational resilience and ensure our security capabilities continue to develop as our technology landscape grows.
If you're passionate about building better security operations, enjoy solving complex technical challenges and want to make a visible impact, we'd love to hear from you.
What you'll be doing
You'll lead the continual improvement of our Security Operations capability, working closely with Security Engineering, technology teams and third-party partners to strengthen monitoring, detection and incident response across the business.
You'll own the end-to-end incident management lifecycle, coordinating responses to security incidents, driving investigations, facilitating lessons learned and ensuring improvement actions are delivered. Alongside this, you'll configure and optimise SIEM, threat protection and case management platforms, developing new detection rules, alerts and automation to improve our ability to identify and respond to emerging threats.
You'll build and maintain operational playbooks and runbooks, helping establish consistent ways of working across internal teams and managed service providers. You'll also produce meaningful KPIs and reporting, using operational data to identify trends, improve service performance and demonstrate the effectiveness of our security controls.
Working collaboratively across technology, engineering and business teams, you'll support security testing, assurance activities and resilience exercises, helping ensure our operational security capability continues to evolve in line with business priorities and regulatory expectations.
What we need from you
Strong experience working within Security Operations, Cyber Defence or Incident Response in a complex enterprise environment
Proven experience managing the end-to-end security incident management lifecycle
Hands-on experience configuring and administering SIEM, threat protection, logging and case management platforms
Experience developing threat detection use cases, alerts, dashboards and operational reporting
Strong understanding of security monitoring, investigation, triage, containment, recovery and continuous improvement
Experience developing operational playbooks, runbooks and standard operating procedures
Experience working closely with Security Engineering teams to improve operational capabilities
Ability to collaborate with suppliers, technology teams and stakeholders across the business
Experience developing KPIs, operational reporting and service metrics
Strong analytical and communication skills, with the ability to translate technical information for different audiences
Good understanding of security governance, operational resilience and regulatory requirements
Desirable
Experience supporting Business Continuity and Disaster Recovery activities
Experience working with outsourced Security Operations Centres or Managed Security Service Providers
Familiarity with Microsoft Sentinel, Splunk, Microsoft Defender, CrowdStrike or similar enterprise security platforms
Experience automating security operations using scripting or SOAR technologies
We might not be right for you if...
You prefer working within a narrow technical specialism rather than owning security operations end-to-end.
You enjoy maintaining existing processes more than improving and evolving them.
You prefer working independently rather than collaborating across engineering, operations and business teams.
If you think you have what it takes but don't meet every single requirement, we'd still love to hear from you.
The Blend
This role will work as part of our Loyalty Division and is based from our London office.
We call our approach to hybrid working The Blend — it's about giving you the flexibility to choose where you do your best work while staying connected with your team and the wider business.
You'll typically spend at least two days each week in the office, with the remainder working remotely. There may also be occasions where you'll work from other IAG or partner locations depending on business needs.
Diversity and Inclusion
Our vision is to create a more rewarding world of travel and experiences. Delivering that requires diverse thinking and inclusive leadership.
We are committed to building a workplace where people feel they belong and are valued for their perspective. Inclusion drives better decisions, stronger performance and more innovative outcomes.
We actively encourage applications from people with different experiences and backgrounds, and are committed to ensuring our recruitment process is fair, inclusive and accessible.