AVP- Security Incident Management (UAE National)

The AVP, Security Incident Management will lead the incident response team within the Cyber Defense Center, ensuring timely and effective handling of security incidents. This/her role involves coordinating with various stakeholders, managing incident response processes, investigation, analysis, containment, recovery, communication, and reporting. Also continuously improving the organization’s incident management capabilities and meeting the compliance requirements. The Incident Manager plays a vital role in safeguarding the organization’s digital assets and maintaining its cybersecurity posture

• Alignment with Business Priorities: Ensure alignment with organizational goals and objectives
• Ownership and Accountability: Incident Manager takes full responsibility for the activities and the department’s, holding self and the team accountable for their outcomes. 
• Driving Incident Response Maturity Enhancement: Proactively drives initiatives that enhance incident response and resilient cyber posture. 
  Focus on Outputs and Impact: Focus on delivering outputs that create meaningful impact such as enhanced security culture and protection posture of the bank. 
• Innovation and Automation: Continuously seek innovative solutions and automated processes for efficiency.
• Continuous Learning and Improvement: Committed to learning from experiences and continuously improving relevant processes and outcomes.
• Incident Analysis: Quickly analyzing incidents to understand their root causes is essential. This involves gathering data, identifying patterns, and determining the impact on systems and users.
• Critical Thinking: The ability to think critically and evaluate situations from multiple angles helps in devising effective solutions under pressure.

• Technical Knowledge: A strong technical background allows you to understand the systems and technologies involved, which is crucial for diagnosing issues and coordinating with technical teams.

  
  
• 12+ years of rich experience in information security domain and at least 6-8 years of dedicated experience in Security Incident Response. 
• Hands on experience in implementing and operationalizing SIEM/SOAR tools such as Sentinel, ArcSight etc. 
• Experience in defining and reporting KPIs for Security Incident response.
• Familiarity with advanced SOC monitoring technologies, risk, threat and security measures. 
• Knowledge across the SOC domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
• Comprehensive knowledge of regulatory and compliance requirements and how they influence the bank's Information Security strategy. 
• Preferably worked in BFSI domain with proven experience in SOC function.
• Strong understanding of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035 etc.
• Deep understanding of Security Incident response frameworks and their application in creating robust policies.
• Automate potential resilient security processes to ensure continuous compliance with security best practices.
• Maintaining up-to-date knowledge of security trends, threats, and countermeasures
• Assess and design security posture determination processes, tools and methodologies
• Reviewing and approving use cases/playbooks for SIEM/SOAR tools
• Continuously monitor security hygiene and performance using tools and processes
• Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience
   

• Strategic Oversight: Provide strategic direction and oversight for the incident management process, ensuring alignment with organizational goals and objectives.
• Security Incident Management: Lead the coordination of major security incidents/crisis management, ensuring that all relevant teams and stakeholders are effectively engaged and provide appropriate technical insights to the Crisis Management Team (CMT).
• Managing incident investigation, analysis, containment, recovery, communication and reporting
• Policy & Procedure Development: Develop and refine incident management policies and procedures, ensuring they are up-to-date and effective in addressing current and emerging threats.
• Continuous Improvement: Conduct thorough post-incident reviews to identify lessons learned and implement improvements to prevent future incidents.
• Training & Mentorship: Provide training and mentorship to other team members, ensuring the team is well-prepared to handle incidents.
• Stakeholder Communication: Maintain clear and effective communication with stakeholders, providing updates on incident status and resolution efforts

Essential knowledge

• Have over 12+ years of rich experience in information security domain and at least 6-8 years of dedicated experience in Security Incident Response. 
• Hands on experience in implementing and operationalizing SIEM/SOAR tools such as Sentinel, ArcSight etc. 
• Experience in defining and reporting KPIs for Security Incident response.
• Familiarity with advanced SOC monitoring technologies, risk, threat and security measures. 
• Knowledge across the SOC domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
• Comprehensive knowledge of regulatory and compliance requirements and how they influence the bank's Information Security strategy. 
• Preferably worked in BFSI domain with proven experience in SOC function.
• Strong understanding of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035 etc.

Skills and Application 

• Leads the development and implementation of comprehensive Security Governance strategies that address identified risks and compliance requirements, incorporating advanced technologies and methodologies to enhance security posture.
• Deep understanding of Security Incident response frameworks and their application in creating robust policies.
• Automate potential resilient security processes to ensure continuous compliance with security best practices.
• Maintaining up-to-date knowledge of security trends, threats, and countermeasures
• Assess and design security posture determination processes, tools and methodologies
• Reviewing and approving use cases/playbooks for SIEM/SOAR tools
• Continuously monitor security hygiene and performance using tools and processes
• Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience

Other

• Knowledge of evolving advanced tech stacks and related control and risk universe from a SOC perspective.
• Knowledge and expertise in conducting risk assessment and management.
• The ideal candidate will have a technical or computer science degree.
• Professional certifications: GCIH, CISSP, CEH, FOR608, CISM etc.