Cyber Operations Director

Overview
Job Summary:

The Cyber Operations Director is responsible for leading Live Nation Entertainment's APAC Cyber Operations team. This role oversees cyber threat intelligence, detection engineering, incident response, and SOC functions in the organization to proactively address emerging cyber threats. The ideal candidate is an experienced cybersecurity leader who thrives under pressure, communicates effectively across technical and business teams, and is passionate about growing and developing a high-performing team.

Key
Responsibilities

• In-depth Technical Leadership: Serve as the technical SME to Cyber Threat Intel, Detection Engineering and Incident Response team members.
• Security Event and Incident Leadership: Be the leader for the company's first line of defense against high-priority security events, ensuring accurate triage and response.
• Operational Excellence: Maintain day-to-day operations across a distributed environment, ensuring balance, coverage, and response consistency.
• Team Management & Development: Oversee analysts, foster mentorship and career growth, and lead by example during critical incidents.
• Strategic Communication: Translate technical insights for executive audiences, escalate risks, and drive cross-functional collaboration.
• Metrics-Driven Management: Use data to track effectiveness, drive accountability, and highlight trends to stakeholders.

Core Duties
Leader of Multidiscipline Team

• Intra-team coordination and planning of a multidisciplinary group of cyber defenders.
• Integrate team with wider objectives of Cyber Security organization and the business as a whole.
• Collaborate with peers both intra and inter organizationally to ensure timely awareness of events and incidents. Reporting concisely to leadership as needed.

Technical Skills

• Act as Incident Commander, providing direction and focus on cyber events tactically.
• Strong tactical understanding of the tools in the environment, including their operational status, capabilities, limitations, and gaps.
• Demonstrated expertise in building detection and response techniques by both building and utilizing detections from tools such as SIEM, EDR, NDR, and other security platforms to ensure timely identification and resolution of threats.
• Ability to lead effective threat analysis to identify and understand the tactics, techniques, and procedures (TTPs) used by threat actors.
• Understanding of APTs and cybercrime groups, how they relate to our operating environment enabling curation of CTI campaigns, to collect and analyze information, to create actionable results.

Metrics & Reporting

• The Cyber Operations Director is expected to align team operations with organizational priorities and ensure that all activities contribute to the successful achievement of the business's OKRs.
• Refine and report on KPIs such as False Positive rates, criticality of detections, and workload distribution, and time to: detect, contain, resolve.
• Use data to support team planning, capacity management, and continuous improvement.

Strategic Planning

• Plan quarterly team objectives and allocate resources based on threat landscape and business needs.
• Optimize scheduling and task assignments for both performance and team well-being.
• Develop and define program objectives in order to break them down into actionable tasks for current and upcoming quarter planning.
• Effective prioritization of assignments and tasks to meet objectives and timeline.

Growth Of Capabilities

• Develop technical understanding and abilities of individuals and teams on a small scale
• Resolve intraorganization conflicts and support other conflict resolution efforts via constructive mediation through technical evidence.
• Foster a culture of accountability, ownership, and growth.
• Conduct 1:1s, performance reviews, and career development sessions with team members.
• Provide tailored coaching to support technical growth.

Daily Operations

• Monitor team workloads to ensure balance and SLA adherence to provide Cyber Security services to the organization.
• Collaborate across security and business units on tooling integrations and threat initiatives.
• Identify gaps and defects in tooling and detections; and create suggested resolutions when reporting or collaborating with leadership and other teams
• Participate in typical workloads of the component teams. This includes taking part in development projects or actions to alerts to support and stay current with alerts in the environment.
• Lead daily shift handovers and team stand up meetings.
• Security event classification and people to task delegation to ensure a highly effective team.

Desirable Qualifications

• 8+ years of experience in cybersecurity, with at least 5 years in a leadership or management role. (Educational and Certifications can offset some of these requirements)
• Proven experience in managing Incident Response, managing a SOC, CTI collection analysis, development of detections, and active threat hunting.
• Advanced understanding of detection and response tools (SIEM, EDR, NDR), cloud environments (AWS, Azure,OCI, GCP), and attacker TTPs.
• Exceptional communication and decision-making skills, particularly under pressure.

Strong familiarity with cybersecurity frameworks (MITRE ATT&CK, NIST CSF, ISO

Education & Certifications

• Master's degree in Cybersecurity, Information Security, Computer Science, or related field — or equivalent experience.

• Certification (such as):

• CISSP – Certified Information Systems Security Professional

• GIAC Security Expert (GSE)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Defensible Security Architecture (GDSA)
• GIAC Cyber Threat Intelligence (GCTI)
• OSCP – Offensive Security Certified Professional

Microsoft Certified: Cybersecurity Architect Expert