Reporting into the Aer Lingus CISO, the Senior Manager of Cyber Defence will lead the management and ongoing development of advanced defensive cybersecurity services that safeguard the organisation against evolving threats. This role is accountable for shaping and delivering a sustainable, intelligence‑driven cyber defence capability across detection, response, exposure reduction and continuous control validation.

Operating within a hybrid delivery model (outsourced SOC and specialist providers, with an internal CSIRT capability), you will ensure effective 24x7 monitoring, rapid incident response, and ongoing improvement of defensive controls through automation, adversary simulation and strong operational governance. Responsibilities to include:

• Define and execute Cyber Defence strategy in partnership with the CISO, aligned to business objectives, regulatory obligations and the evolving threat landscape.
• Lead the organisation’s incident response programme and act as incident commander during major cyber events; coordinate multi‑team response activities, remediation and stakeholder communications.
• Provide governance and oversight of outsourced SOC and Threat Management services, ensuring delivery to agreed SLAs and KPIs and driving continuous service improvement.
• Oversee exposure and vulnerability management across the enterprise, establishing prioritisation and remediation governance
• Drive continuous controls improvement through adversary simulation and threat intelligence‑informed testing to identify and close prevention/detection/response gaps.
• Develop and execute strategies to monitor, detect and respond to threats in real time, leveraging SIEM, EDR, SOAR and automation to deliver at scale.
• Ensure Cyber Defence evidence, reporting and assurance are fit for purpose (incident records integrity, audit trails, lessons learned and continuous improvement actions).
• Part of on-call rota, as point of escalation in the event of a major cyber event
• Build, develop and mentor high‑performing cyber defence teams and outsourced services, fostering a culture of agility, learning, collaboration and continuous improvement.
• Define, manage and govern Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for Cyber Defence services; provide regular reporting to senior stakeholders.
• Own the development and maintenance of defence playbooks and oversee regular testing to enhance readiness with technology, business and external stakeholders.
• Collaborate with Technology and Cyber teams to translate defence findings into actionable improvements for engineering and operations (hardening, patching, configuration, identity and access improvements).
• Ensure effective integration of threat intelligence into detections, triage, investigations and response playbooks across SOC and internal CSIRT workflows.
• Coordinate with Legal, Privacy, Corporate Affairs and relevant authorities on incident communications and regulatory reporting requirements.

• 15+ years cybersecurity and/or IT experience, with strong exposure to cyber incident response, threat management and/or defensive operations.
• Minimum of 3 years in a leadership position, with demonstrated ability to lead services, programmes and third‑party providers.
• Proven experience acting as Incident Commander, coordinating multi‑team response activities, remediation and stakeholder communications.
• Hands‑on proficiency with Cyber Defence technologies (e.g., SIEM, Threat Intelligence, SOAR, EDR platforms such as CrowdStrike, ZeroFox, Splunk or equivalent).
• Experience governing outsourced/managed security services (SOC, threat intelligence, vulnerability management) including SLA/KPI management and continuous improvement.
• Relevant Cyber qualifications e.g., Masters/Degree/Diploma, CISM, GIAC, OSCP, CEH, or similar
• Strong leadership, crisis management, communication and cross‑functional collaboration skills.
• Proven competency overseeing enterprise‑wide cyber defence services and driving a sustainable remediation culture with IT and business owners.
• Demonstrated ability to develop and mature cyber security services, improving operational processes and playbooks.
• Ability to translate threat intelligence, control testing and incident learnings into measurable improvements in detections, controls and response automation.
• Strong vendor/service management capability, including oversight of third‑party performance and assurance evidence.
• Experience overseeing adversary simulations, red/blue/purple team exercises and translating findings into relevant control improvements.
• Familiarity with regulatory and incident reporting obligations and evidence requirements (e.g., NIS2, GDPR, aviation regulations such as IAA/EASA Part‑IS).
• Familiarity with MITRE ATT&CK framework and modern attacker techniques.
• Experience defining Cyber Defence KPIs/KRIs such as exposure reduction, MTTD/MTTR, detection coverage, and control validation outcomes.