Senior Manager Cyber Defense And Response

Job description / Role

Job description

The role is responsible for overseeing cyber monitoring and response activities, managing major incidents, and coordinating emergency response efforts that necessitate thorough investigation. This role involves analyzing and responding to cyber-attacks and data breaches, as well as conducting internal investigations to identify vulnerabilities.

The individual proactively identifies emerging threats and ongoing attacks, establishing thresholds and managing event sources to enhance incident detection. They define processes, configure tools, and correlate data to improve event tracking and incident response effectiveness. By fostering awareness and collaboration across the organization, this role plays a crucial part in strengthening the bank's overall cybersecurity posture and resilience against cyber threats.

Responsibilities

• Define minimum guidelines for detecting, tracking, and escalating security events, ensuring effective response protocols are in place.
• Establish criteria for security events and define thresholds to enhance incident detection capabilities.
• Oversee 24x7 Security Operations Center (SOC) activities to monitor for cyber threats using SIEM, EDR, NDR, and threat intelligence platforms.
• Direct incident response efforts, conduct root cause analysis, and lead digital forensics investigations.
• Coordinate containment, eradication, and recovery activities for cyber incidents.
• Lead proactive threat hunting based on hypotheses and indicators of compromise (IOCs).
• Lead a team of cybersecurity analysts, incident responders, and forensic investigators.
• Mentor and train staff, enforce shift discipline, and ensure readiness of the team.
• Brief executive leadership and external stakeholders, including regulators, during and after incidents.
• Provide comprehensive reporting on compliance monitoring to ensure adherence to security standards and regulations.
• Recommend strategies for containment, remediation, and recovery following cyber-attacks to strengthen organizational resilience.
• Utilize both internal and external resources to research threats, vulnerabilities, and threat intelligence regarding various adversaries and attack methodologies.
• Guide and support the cyber monitoring team during major security events, facilitating effective incident management.
• Develop an intelligence-led framework to protect the organization globally against cyber risks, integrating threat intelligence into security practices.
• Identify indicators of compromise (IOCs) and create signatures for detection, enhancing threat recognition capabilities.
• Ensure integration and optimization of SIEM, SOAR, and threat intelligence platforms.
• Ensure proper documentation and compliance reporting related to incidents.
• Assist in audit and compliance efforts related to cybersecurity.
• Develop and maintain a cyber incident response program, playbooks, and workflows.
• Lead, mentor, and manage the Cyber Defense team (SOC analysts, incident responders, threat hunters).
• Supervise the identification and selection of effective information sources to assist with incident investigations.
• Coordinate with threat intelligence analysts to correlate threat assessment data and enhance situational awareness.
• Utilize deployable forensics toolkits to support operations.
• Act as a technical expert in interactions with law enforcement, providing detailed incident and forensic analysis as required.
• Monitor external data sources to stay informed about current cybersecurity threats and assess their potential impact on the organization.
• Demonstrate the ability to debug malware step-by-step to facilitate analysis and understanding of malicious behaviors.
• Perform any other duties assigned by the line manager related to the nature of the work.
• Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence, and vigilance within departmental and unit activities and operations.

Qualifications

Preferred qualifications

• A tertiary-level qualification from an internationally recognized institution.
• Industry-recognized certifications such as eCIR, CHE, GCIH, eCMAP, GCFA, or GNFA.

Years and nature of experience

• 5 to 7 years of equivalent experience demonstrating required competencies in cybersecurity.
• An experienced professional capable of delivering on difficult technical tasks.
• Project implementation experience.
• Self-sufficient at work and able to manage small project responsibilities.
• Experience providing technical supervision to junior staff.
• Knowledge of security principles, techniques, and technologies.
• Knowledge of networking protocols, technologies, and operating systems.
• Expertise in advanced network forensics, including threat hunting, analysis, and incident response.

Technical competencies

• Incident response planning.
• Security information and event management.
• Vulnerability assessment.

Behavioral competencies

• Value-led accountability.
• Empowered people.
• Collaborative agility.
• Trust and transparency.