Senior Manager Cyber Defense And Response

D360 Bank

Riyadh, Saudi Arabia

Ref: PP000-35704

Job description / Role

Job Type: Full Time
Job Location: Riyadh, Saudi Arabia
Nationality: Any Nationality
Salary: Not Specified
Gender: Not Specified
Arabic Fluency: Not Specified
Job Function: Safety & Environment
Company Industry: Banking - Corporate

Job description

The role is responsible for overseeing cyber monitoring and response activities, managing major incidents, and coordinating emergency response efforts that necessitate thorough investigation. This role involves analysing and responding to cyber-attacks and data breaches, as well as conducting internal investigations to identify vulnerabilities.

He/she proactively identifies emerging threats and ongoing attacks, establishing thresholds and managing event sources to enhance incident detection. He/she defines processes, configures tools, and correlates data to improve event tracking and incident response effectiveness. By fostering awareness and collaboration across the organization, this role plays a crucial part in strengthening the bank's overall cybersecurity posture and resilience against cyber threats.

Responsibilities

  • Define minimum guidelines for detecting, tracking, and escalating security events, ensuring effective response protocols are in place.
  • Establish criteria for security events and define thresholds to enhance incident detection capabilities.
  • Oversee 24x7 Security Operations Center (SOC) activities to monitor for cyber threats using SIEM, EDR, NDR, and threat intelligence platforms.
  • Direct incident response efforts, conduct root cause analysis, and lead digital forensics investigations.
  • Coordinate containment, eradication, and recovery activities for cyber incidents.
  • Lead proactive threat hunting based on hypotheses and indicators of compromise (IOCs).
  • Lead a team of cybersecurity analysts, incident responders, and forensic investigators.
  • Mentor and train staff, enforce shift discipline, and ensure readiness of the team.
  • Brief executive leadership and external stakeholders, including regulators (e.g., SAMA, NCA), during and after incidents.
  • Provide comprehensive reporting on compliance monitoring to ensure adherence to security standards and regulations.
  • Recommend strategies for containment, remediation, and recovery following cyber-attacks to strengthen organizational resilience.
  • Utilize both internal and external resources to research threats, vulnerabilities, and threat intelligence regarding various adversaries and attack methodologies.
  • Guide and support the cyber monitoring team during major security events, facilitating effective incident management.
  • Develop an intelligence-led framework to protect the organization globally against cyber risks, integrating threat intelligence into security practices.
  • Identify Indicators of Compromise (IoCs) and create signatures for detection, enhancing threat recognition capabilities.
  • Ensure integration and optimization of SIEM, SOAR, and threat intelligence platforms.
  • Ensure proper documentation and compliance reporting related to incidents.
  • Assist in audit and compliance efforts related to cybersecurity.
  • Develop and maintain a cyber incident response program, playbooks, and workflows.
  • Lead, mentor, and manage the Cyber Defense team (SOC analysts, incident responders, threat hunters).
  • Supervise the identification and selection of effective information sources to assist with incident investigations.
  • Coordinate with threat intelligence analysts to correlate threat assessment data and enhance situational awareness.
  • Utilize deployable forensics toolkits to support operations.
  • Act as a technical expert in interactions with law enforcement, providing detailed incident and forensic analysis as required.
  • Monitor external data sources to stay informed about current cybersecurity threats and assess their potential impact on the organization.
  • Demonstrate the ability to debug malware step-by-step to facilitate analysis and understanding of malicious behaviors.
  • Perform any other duties assigned by the line manager related to the nature of the work.
  • Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence, and vigilance within departmental/unit activities and operations.

Qualifications

Preferred qualifications

  • A tertiary-level qualification from an internationally recognized institution.
  • Industry-recognized certifications: eCIR, C|HE, GCIH, (eCMAP, GCFA, or GNFA).

Years & nature of experience

  • Has 5 - 7 years of equivalent experience in cyber security in which the required competencies have been demonstrated.
  • An experienced professional who can deliver on difficult technical tasks.
  • Has project implementation experience.
  • Is self-sufficient at work and could be given small project responsibility.
  • Has provided technical supervision to junior staff in the past.
  • Knowledge of security principles, techniques, and technologies.
  • Knowledge of networking protocols and technologies and operating systems.
  • Expert in advanced network forensics: threat hunting, analysis, and incident response.

Technical competencies

  • Incident response planning.
  • Security information and event management.
  • Vulnerability assessment.

Behavioral competencies

  • Value-led accountability.
  • Empowered people.
  • Collaborative agility.
  • Trust & transparency.