Cyber Security Manager

Job Purpose

Manage security event monitoring and incident response using SIEM platforms, with preference for Azure Sentinel and ArcSight.

Analyze and respond to security events from diverse sources such as firewalls, IDS/IPS, antivirus solutions, DAM systems, web servers, proxies, and banking applications.

Develop and maintain alert rules and logic within SIEM to ensure accurate detection of security events.

Assist senior personnel in managing complex security incidents and improving incident response times.

Key Result Areas

Security Event Management:

Monitor and respond to security events from SIEM systems (Azure Sentinel & ArcSight preferred).

Analyze and respond to events from various data sources including firewalls, IDS/IPS, AV, DAM, web servers, proxies, and banking applications.

Threat and Incident Management:

Develop and implement alert rules and logic in SIEM to detect events of interest.

Perform accurate, real-time analysis and correlation of logs and alerts from multiple sources.

Utilize established policies, standards, and procedures to determine which alerts should be classified as security incidents.

Assist in the resolution of complex security incidents and enhance incident response efficiency.

Security Improvements and Collaboration:

Improve incident response times, reduce false positives, and enhance threat detection capabilities.

Contributes to the design, implementation, and documentation of security awareness programs.

Update and refine existing processes and policies (SOPs, playbooks, runbooks) in line with cybersecurity best practices.

Work collaboratively with compliance, audit, and regulatory teams to provide necessary information and support.

Key Principles

Proactive Threat Management: Continuously monitor, analyze, and respond to emerging threats to stay ahead of potential security risks.

Precision and Efficiency: Ensure accurate detection and response to security events, with a focus on reducing false positives and improving operational efficiency.

Continuous Improvement: Regularly update security practices, adapt to evolving threats, and enhance detection and response capabilities.

Collaborative Approach: Foster strong relationships with internal teams and external regulators to ensure comprehensive security management and compliance.

Knowledge, Skills, and Experience

Educational Background: Graduate/Postgraduate degree in Science, Engineering, or IT.

Certifications: Minimum of 2 Professional certifications from CISSP, CISM, CRISC, CISA, or equivalent.

Exprience:

Proficient in SIEM Policy reviews and implementation, with experience in Cyber Defense Center or Security Operations Center roles.

Over 10 years of experience in SOC & CDC, with strong analytical skills and experience in managing security operations.

Skills:

Proficiency in SIEM design and implementation.

Ability to work with various teams to enhance security awareness.

Strong documentation and report writing skills.

Knowledge of the banking environment is advantageous.