AVP- Security Incident Management

Job Purpose:

Leads the incident response team within the Cyber Defense Center, ensuring timely and effective handling of security incidents. This/her role involves coordinating with various stakeholders, managing incident response processes, investigation, analysis, containment, recovery, communication and reporting. Also continuously improving the organization’s incident management capabilities and meeting the compliance requirements.

The Incident Manager plays a vital role in safeguarding the organization’s digital assets and maintaining its cybersecurity posture.

Key Result Areas:

• Strategic Oversight: Provide strategic direction and oversight for the incident management process, ensuring alignment with organizational goals and objectives.
• Security Incident Management: Lead the coordination of major security incidents/crisis management, ensuring that all relevant teams and stakeholders are effectively engaged and provide appropriate technical insights to the Crisis Management Team (CMT).
• Managing incident investigation, analysis, containment, recovery, communication and reporting
• Policy & Procedure Development: Develop and refine incident management policies and procedures, ensuring they are up-to-date and effective in addressing current and emerging threats.
• Continuous Improvement: Conduct thorough post-incident reviews to identify lessons learned and implement improvements to prevent future incidents.
• Training & Mentorship: Provide training and mentorship to other team members, ensuring the team is well-prepared to handle incidents.
• Stakeholder Communication: Maintain clear and effective communication with stakeholders, providing updates on incident status and resolution efforts

Knowledge, Skills, & Experience:

Essential knowledge

• Have over 12+ years of rich experience in information security domain and at least 6-8 years of dedicated experience in Security Incident Response.
• Hands on experience in implementing and operationalizing SIEM/SOAR tools such as Sentinel, ArcSight etc.
• Experience in defining and reporting KPIs for Security Incident response.
• Familiarity with advanced SOC monitoring technologies, risk, threat and security measures.
• Knowledge across the SOC domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
• Comprehensive knowledge of regulatory and compliance requirements and how they influence the bank's Information Security strategy.
• Preferably worked in BFSI domain with proven experience in SOC function.
• Strong understanding of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035 etc.

Skills and Application

• Leads the development and implementation of comprehensive Security Governance strategies that address identified risks and compliance requirements, incorporating advanced technologies and methodologies to enhance security posture.
• Deep understanding of Security Incident response frameworks and their application in creating robust policies.
• Automate potential resilient security processes to ensure continuous compliance with security best practices.
• Maintaining up-to-date knowledge of security trends, threats, and countermeasures
• Assess and design security posture determination processes, tools and methodologies
• Reviewing and approving use cases/playbooks for SIEM/SOAR tools
• Continuously monitor security hygiene and performance using tools and processes
• Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience

Other

• Knowledge of evolving advanced tech stacks and related control and risk universe from a SOC perspective.
• Knowledge and expertise in conducting risk assessment and management.
• The ideal candidate will have a technical or computer science degree.
• Professional certifications: GCIH, CISSP, CEH, FOR608, CISM etc.