Cybersecurity Manager

Introduction 

We are seeking a Cybersecurity Manager, Security Operations Centre (SOC) Lead to join our Metso IT team. In this role, you will own and manage Metso's global SOC, including oversight of 24/7 threat monitoring, alert triage, and escalation workflows. You will define and track SOC performance metrics and KPIs, such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and false-positive rates, and report outcomes to senior leadership. Additionally, you will coordinate the SOC analyst team and ensure adequate staffing coverage across regions and time zones. 

This position is mainly located in Espoo, but we are happy to offer flexible working arrangements, including hybrid options. 

What you’ll do 

Incident & Vulnerability Management 

• Develop further existing end-to-end incident response lifecycle: detection, containment, eradication, recovery, and lessons learned 

• Establish vulnerability prioritization framework aligned with business-critical assets and risk appetite 

• Ensure timely remediation SLAs and coordinate cross-functional response across IT and business units 

Security Architecture & Process Development 

• Evolve SecOps tooling and architecture roadmap jointly with IT Infrastructure, IT Applications, and IT service suppliers and partners 

• Standardize security processes (playbooks, runbooks, escalation paths) to improve operational maturity and audit readiness 

Vulnerability, Patch & Exposure Management 

• Develop existing vulnerability and patch management capability covering servers and applications; evaluate tooling and define rollout plans 

• Establish exposure management framework together with other Metso IT Teams 

Stakeholder & Vendor Coordination 

• Act as primary interface between the Cybersecurity team, IT leadership, and external partners for security operations 

• Ensure security initiatives align with Metso’s 2026–2027 cybersecurity strategy and report progress to CISO / Director level 

Who you are 

Education & Certifications 

• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field 

• Relevant certifications strongly preferred: CISSP, CISM, GIAC (GSOM/GCIH), or equivalent 

• ITIL Foundation or similar IT service management certification is a plus 

Professional Experience 

• 4-6 years in cybersecurity with at least 3 years in a SOC management or security operations leadership role 

• Proven track record managing incident response, vulnerability management, and security monitoring at enterprise scale 

• Hands-on experience with SIEM, EDR/XDR, vulnerability scanning, and exposure management platforms 

• Experience with vendor/partner management including RFI/RFP processes and outsourced security services 

Technical & Domain Knowledge 

• Strong understanding of security architecture, network security, cloud security (Azure/AWS), and endpoint protection 

• Familiarity with vulnerability and patch management tooling and processes for server and application environments 

• Knowledge of relevant frameworks and standards: NIST CSF, ISO 27001, MITRE ATT&CK 

• Basic understanding of AI capabilities in this SOC field 

Leadership & Soft Skills 

• Ability to lead cross-functional teams and coordinate with global stakeholders, including outsourced partners (e.g. TCS) 

• Strong communication skills to present security posture and risks to CISO, IT leadership, and business stakeholders 

• Fluent English required; Finnish language skills are an advantage 

What's in it for you