Job Purpose:

Leads the incident response team within the Cyber Defense Center, ensuring timely and effective handling of security incidents. This/her role involves coordinating with various stakeholders, managing incident response processes, investigation, analysis, containment, recovery, communication, and reporting. Additionally, the organization continuously improves its incident management capabilities and meets compliance requirements. The Incident Manager plays a vital role in safeguarding the organization’s digital assets and maintaining its cybersecurity posture.

Key Results Area:

• Strategic Oversight: Provide strategic direction and oversight for the incident management process, ensuring alignment with organizational goals and objectives.
• Security Incident Management: Lead the coordination of major security incidents/crisis management, ensuring that all relevant teams and stakeholders are effectively engaged and provide appropriate technical insights to the Crisis Management Team (CMT).
• managing incident investigation, analysis, containment, recovery, communication, and reporting
• Policy and Procedure Development: Develop and refine incident management policies and procedures, ensuring they are up-to-date and effective in addressing current and emerging threats.
• Continuous Improvement: Conduct thorough post-incident reviews to identify lessons learned and implement improvements to prevent future incidents.
• Training and Mentorship: Provide training and mentorship to other team members, ensuring the team is well-prepared to handle incidents.
• Stakeholder Communication: Maintain clear and effective communication with stakeholders, providing updates on incident status and resolution efforts.

Key Principles:

• Alignment with Business Priorities: Ensure alignment with organizational goals and objectives.
• Ownership and Accountability: Incident Manager takes full responsibility for the activities and the department’s, holding themselves and the team accountable for their outcomes.
• Driving Incident Response Maturity Enhancement: Proactively drives initiatives that enhance incident response and resilient cyber posture.
• Focus on Outputs and Impact: Focus on delivering outputs that create meaningful impact, such as enhanced security culture and protection posture of the bank.
• Innovation and Automation: Continuously seek innovative solutions and automated processes for efficiency.
• Continuous Learning and Improvement: Committed to learning from experiences and continuously improving relevant processes and outcomes.

Knowledge, Skills, and Experience:

Essential knowledge

• Have over 12+ years of rich experience in the information security domain and at least 6-8 years of dedicated experience in Security Incident Response.
• Hands-on experience in implementing and operationalizing SIEM/SOAR tools such as Sentinel, ArcSight, etc.
• Experience in defining and reporting KPIs for Security Incident response.
• Familiarity with advanced SOC monitoring technologies, risk, threat, and security measures.
• Knowledge across the SOC domains, including governance, control frameworks, policies, compliance management, risk management, and incident response, etc.
• Comprehensive knowledge of regulatory and compliance requirements and how they influence the bank's Information Security strategy.
• Preferably worked in the BFSI domain with proven experience in the SOC function.
• Strong understanding of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035, etc.

Skills and Application

• Leads the development and implementation of comprehensive Security Governance strategies that address identified risks and compliance requirements, incorporating advanced technologies and methodologies to enhance security posture.
• Deep understanding of Security Incident response frameworks and their application in creating robust policies.
• Automate potential resilient security processes to ensure continuous compliance with security best practices.
• Maintaining up-to-date knowledge of security trends, threats, and countermeasures.
• Assess and design security posture determination processes, tools, and methodologies
• Reviewing and approving use cases/playbooks for SIEM/SOAR tools.
• Continuously monitor security hygiene and performance using tools and processes
• Collaborate with other IS teams, Ops, and tech teams on enhancing security incident response resilience.

Other

• Knowledge of evolving advanced tech stacks and related control and risk universe from a SOC perspective.
• Knowledge and expertise in conducting risk assessment and management.
• The ideal candidate will have a technical or computer science degree.
• Professional certifications: GCIH, CISSP, CEH, FOR608, CISM etc.