Job Grade: (HO Equivalent), Manager – Grade 12
The primary role of this position is to support the Group Information Security team in analysing and assessing security events and vulnerabilities in the infrastructure (i.e., software, hardware and networks); analysing and assessing damage to the data or infrastructure as a result of IT incidents; testing for compliance with security policies and standards; implementing, monitoring, and maintaining information security operational processes; and producing reports for the assessment and functioning of information security operations.
The Security Analyst Manager oversees the L1/L2 SoC activities and manages the internal incident response efforts in coordination with the Lead Security Analyst and the GCISO. In addition, the position provides full and continuous support to the GCISO in IT/security matters and involvement in on-going systems/tools implementations and business projects. The role also performs special reviews, investigations, due diligence reviews and other non-routine assignments at the behest of the department head.
Dimensions of role (i.e. budgets managed, number of staff):
- Financial (Revenue, Expenses, Budgets, etc.)
- Non-Financial (size of team, geographical coverage, time horizon of main decisions, etc.)
- Bank ABC and any other subsidiaries; excluding ABC Brazil and AFS
Principal Responsibilities, Accountabilities and Deliverables of Role:
Research & Planning:
- Plan, research and design robust log management for any IT project/solution
- Develop threat use-case scenarios to collect events and alert on specific scenarios
- Align new security solutions with existing log management needs
- Lead and coordinate assessment of existing and target / implemented log management and monitoring architecture
- Reduce downtime and ensure business continuity of the log management services, including the SoC
- Perform L3 analysis and deal with alerts escalated by the L1/L2 SoC.
Cost, Planning, Project Management:
- Prepare cost estimates and identify integration issues for solutions
- Handle Incident Response retainers and coordinate third party engagements
- Establish meaningful measures & metrics for SoC performance and SLA monitoring.
- Understand the log generation outputs of Security Engineering and oversee their incorporation into security planning
- Incorporate security measures into the existing, resultant or target architecture
- Carry out vulnerability assessments and penetration tests to assess the resilience of the log collection, alerting and monitoring arrangements.
- Coordinate the installation of security solutions and manage the configuration of said solutions
- Identify opportunities to automate processes and activities, and coordinate implementation of automation
- Identify gaps in log collection and alerting, and incident response.
- Coordinate the testing of all SIEM and SoC related security solutions including hardening configurations
Training & Knowledge share:
- Maintain expert knowledge of cyber security incident response activities
- Organize and maintain documentation for table-top exercises.
- Define, implement and maintain corporate procedures
- Monitor issues / remediation activities to ensure gap closure to fulfil security control objectives
- Coordinate with other members of Group IT, Cyber & Information Security, and end-user departments to sustain appropriate technical and procedural controls to support the industry and regulatory mandatory security objectives.
- Test and maintain incident response plans and playbooks to address existing and emerging threats
- Help develop and implement the cyber and information security vision, strategy, and annual plan.
- Manage technical relationships with assigned vendors, including driving feature and function requests for inclusion in future product releases.
- Act as the Product Owner for all audit log collection and alerting solutions
- Report findings to management
- Perform ad hoc additional duties as required.
Risk, Compliance & Business Continuity:
At all times, act with due care, skill and diligence to ensure compliance with Bank ABC’s risk culture, policies and procedures, Code of Conduct and Values.
Escalate risk and compliance issues in a timely manner to your line manager, and ensure that all mandatory training is completed to schedule.
Escalate to MLRO in a timely manner any knowledge or suspicion of financial crime, providing all pertinent facts and assistance where required for further investigation.
Participate in exercises to rehearse the bank's response to an emergency situation (e.g. evacuation exercises and Business Continuity tests).
Job Context (Circumstances & environment surrounding the job):
The aim of the security operation centre and incident response team is to identify, analyse and react to cybersecurity events using a set of processes and technology solutions. The team includes a lead, a manager, an officer and a third party who work together with other security and IT personnel to address potential and actual security incidents. The team collects audit log events and analyses activity on servers, endpoints, network devices, and other technology systems. The team members, who are supported by an external 24x7 L1/L2 SoC, provide the critical layer of internal analysis needed to confirm and seek out any unusual activity that could suggest a security incident.
Under general supervision, the job holder performs professional and technical work in the Information Security department, developing, implementing and maintaining information security standards, processes, tools and controls across Head Office. Assists the team and other personnel to identify and analyse threats and vulnerabilities posing risks to data, applications, systems and other information assets. Manages the scope, schedule and other resources that may be required to deploy the Information Security programme through the Group. Travel may be required. Performs other related work as required.
- Knowledge of current and emerging technologies and tactics used within a SoC/CIRT and how they can be applied to improve efficiency and effectiveness.
- Able to tune correlation rules and outcomes via SIEM and security orchestration, automation, and response platforms.
- Understanding of IPS, firewalls, WAFs, and reputation systems
- Good knowledge of security design
- Good understanding of security design patterns
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Understanding of information security frameworks (e.g., ISO 27001/27002, NIST CSF, CIS Top 20)
- Understanding of the information security industry and the current threat landscape
- Broad understanding of the information security domains: infrastructure security, access management, physical security, application security, Security Compliance, and IT Change Management.
Education / Certifications:
- University degree with an IT background
- Recognised and active information security qualifications (e.g., CISSP, CISM, EC-Council or SANS related certifications).
- At least 8 years of relevant IT and security experience
- 5+ years of direct hands-on experience on a SoC/CIRT team
- Experience in managing L1/L2 activities
- Experience in working with SIEM solutions
- Recent, full-time working experience with financial institutions
- Strong team player
- Fluent in English (mandatory)
- Ability to organise and prioritise tasks
- Able to conduct the role with minimum supervision
- Strong communication skills, capable of dealing with a wide range of internal and external stakeholders.