Job Purpose
Manages and sets strategic methodologies for monitoring, detecting and responding to security incidents, to reduce the effect of security incidents on revenue streams, information assets, customers’ data and the company’s image and reputation.
Manages CyberSecurity Incident Response Team (CIRT)
Manages the Cybersecurity Incident Response Team (CIRT), an expert group that handles computer security incidents.
Responsible for documenting, communicating and tracking all Cybersecurity Incidents affecting Etisalat Enterprise, Telecom, ISP, and B2B.
Owns the Cybersecurity Incident Management framework, which incorporates goals and objectives, policies, and processes to minimize business impact.
Defines, monitors, and measures the accomplishment of goals and objectives by quantifying the implementation, efficiency, and effectiveness of the Cybersecurity Incident Management process, and identifies ways to enhance and automate various processes. The team will work closely with the Cybersecurity Operations Center (CSOC), the Operations Team, and the Information Security team to ensure tight integration and resiliency of all operations.
Benchmarks and recommends new solutions for Cybersecurity Incident Management processes and technology against industry standards and the latest cybersecurity threats.
Identifies and tracks Incident Management performance measures to provide relevant performance trends & KPIs over time.
Engages with associates across the enterprise, including the Cybersecurity Operations Center (CSOC), Cyber Threat Intelligence (CTI), and other teams as necessary.
Develops and distributes executive-level summaries of cybersecurity incidents, which impact Etisalat assets.
Communicates deep technical cybersecurity threat and incident response operations information across the Cybersecurity division, including to the Security Senior Director.
Manages the execution of day-to-day cybersecurity Incident Management operations.
Creates a dynamic CIRT team. Team members can include attorneys, human resources, public relations, and IT staff with specific specializations.
Provides support to operational & cybersecurity strategy development.
Develops, follows, and maintains ‘playbooks’ for Incident Management workflows.
Identifies and enhances process automation.
Prepares and maintains the Incident Response plan across the organization.
Serves as a subject matter expert for security monitoring and incident response related knowledge domain and tools.
Prioritizes incidents based on organizational impact.
Manages the SOC (Security Operations Center)
The SOC Manager is responsible for the management and oversight of the Security Operations team for Cyber Security, specifically focused on monitoring, investigations, and cyber threat intelligence.
The SOC Manager develops and implements monitoring use cases in the SIEM, manages security infrastructure components (SIEM, Resilient...), and is hands-on in managing investigations. The SOC Manager is also responsible for working with all divisions within Cybersecurity, Network Security, Systems Security, IT, Technical, ISP and B2B lines of business, and third-party resources as required.
Develops and administers SOC processes and reviews their application to ensure that SOC’s controls, policies, and procedures are operating effectively.
Manages the team’s efforts to monitor for security events and provides first and final escalation analysis.
Provides management oversight for the identification, triage and response of events or incidents of apparent security breaches.
Produces and reviews aggregated performance metrics.
Provides first line supervision to direct reports.
Plays a significant role in long-term SOC strategy and planning, including initiatives geared towards operational excellence.
Manages the escalation of cases to the Incident Management team and provides all required data for investigation.
Leads strategic and tactical operations focused on developing, applying, and communicating a deep understanding of cyber campaign and nation state threats to protect the enterprise.
Holds primary responsibility for Threat Intelligence Platform workflows, to help drive the orchestration of cyber threat intelligence information into Security Operations Center missions.
Prioritizes actions during the detection, analysis, and containment of an incident based on organizational impact.
Leads initiatives around use case and indicator of compromise (IOC) development and supports threat report production as needed.
Manages and increases the effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions.
Regulations and Standards Management
Responsible for ensuring that the Company’s security operations policies, procedures, and resources comply with regulatory requirements.
Routinely evaluates compliance with legal, regulatory, contractual and organizational requirements for the security of information assets.
Creates strategic plans to meet regulatory and standards requirements.
Designs daily security operations activities to keep the organization in compliance with regulatory rules.
Ensures that Etisalat’s new implementations comply with security standards requirements.
Delivers reports and evidence related to operational activities to external auditors.
Represents Etisalat as the technical point of contact with regulators and auditors.
Security Enhancements & Quality Assurance
Facilitates goal creation for the broader function and works with managers to ensure that the goals cascade to all workers.
Interacts with senior management, heads and directors to report security incidents.
Identifies the need for, and implements, new operational security management controls and practices to meet changing organizational requirements.
Routinely monitors operational security management provision, taking action to address potential vulnerabilities.
Develops and implements the necessary information security operations management plans to maintain effective resilience during ongoing operations.
Manages the review cycle for security operations, taking into account information from incidents, vulnerability assessments, penetration tests, threat assessments and changes to relevant legislation and regulations.
Assesses, evaluates, enhances, and/or implements quality improvement practices, processes, procedures, or policies that have an impact on the planning activities.
People Management
Manages and/or provides guidance to senior and junior members of the team.
Conducts periodic meetings with the network security operations teams and generates periodic reports.
Recommends a training plan for the CIRT.
Works on enhancing the engagement index.
Resolves or escalates conflicts between team members.
Resolves or escalates employees’ environmental issues.
Coordinates with different teams (IT, Technical) to ensure that security requests and projects are implemented properly.