AVP- Security Incident Management (UAE National)

The AVP, Security Incident Management will lead the incident response team within the Cyber Defense Center, ensuring timely and effective handling of security incidents. This/her role involves coordinating with various stakeholders, managing incident response processes, investigation, analysis, containment, recovery, communication, and reporting. Also continuously improving the organization’s incident management capabilities and meeting the compliance requirements. The Incident Manager plays a vital role in safeguarding the organization’s digital assets and maintaining its cybersecurity posture

• Alignment with Business Priorities: Ensure alignment with organizational goals and objectives
• Ownership and Accountability: Incident Manager takes full responsibility for the activities and the department’s, holding self and the team accountable for their outcomes.
• Driving Incident Response Maturity Enhancement: Proactively drives initiatives that enhance incident response and resilient cyber posture.
Focus on Outputs and Impact: Focus on delivering outputs that create meaningful impact such as enhanced security culture and protection posture of the bank.
• Innovation and Automation: Continuously seek innovative solutions and automated processes for efficiency.
• Continuous Learning and Improvement: Committed to learning from experiences and continuously improving relevant processes and outcomes.
• Incident Analysis: Quickly analyzing incidents to understand their root causes is essential. This involves gathering data, identifying patterns, and determining the impact on systems and users.
• Critical Thinking: The ability to think critically and evaluate situations from multiple angles helps in devising effective solutions under pressure.
• Technical Knowledge: A strong technical background allows you to understand the systems and technologies involved, which is crucial for diagnosing issues and coordinating with technical teams.

• 12+ years of rich experience in information security domain and at least 6-8 years of dedicated experience in Security Incident Response.
• Hands on experience in implementing and operationalizing SIEM/SOAR tools such as Sentinel, ArcSight etc.
• Experience in defining and reporting KPIs for Security Incident response.
• Familiarity with advanced SOC monitoring technologies, risk, threat and security measures.
• Knowledge across the SOC domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
• Comprehensive knowledge of regulatory and compliance requirements and how they influence the bank's Information Security strategy.
• Preferably worked in BFSI domain with proven experience in SOC function.
• Strong understanding of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035 etc.
• Deep understanding of Security Incident response frameworks and their application in creating robust policies.
• Automate potential resilient security processes to ensure continuous compliance with security best practices.
• Maintaining up-to-date knowledge of security trends, threats, and countermeasures
• Assess and design security posture determination processes, tools and methodologies
• Reviewing and approving use cases/playbooks for SIEM/SOAR tools
• Continuously monitor security hygiene and performance using tools and processes
• Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience