Incident Response Manager

Role: Incident Response Manager

Location: Abu Dhabi

Role purpose:

• The Incident Response Manager will lead the Cyber Security Incident Response unit oversee its day-to-day operations and manage the SOC shifts.
• This role requires collaboration with various internal teams and departments as well as external partners and cybersecurity agencies to ensure an effective and timely response to all security incidents.
• The manager must demonstrate strong leadership skills encourage teamwork optimize team performance and develop incident response strategies.
• Additionally this position demands hands-on expertise in handling complex L3 security incidents from detection to disposition including leveraging AI-driven threat detection and automated incident response tools.
• The role also requires strong crisis management and stakeholder communication skills to effectively coordinate during high-impact security events.

Key accountabilities of the role:

Leadership and strategy:

• Lead the Cyber Security Incident Response unit managing both the day-to-day operations and the strategic development of incident response capabilities.
• Develop oversee and refine incident response plans playbooks and strategies to ensure rapid and effective response to security breaches.
• Maintain and enhance information security monitoring processes tools and technologies driving continuous improvements and reducing gaps between current and ideal states.
• Demonstrate adaptability and innovation to address evolving threat landscapes continuously enhancing the response approach.
• Incident Management:
• Directly handle L3 security incidents overseeing their detection analysis containment and resolution.
• Supervise the staffs utilization of security monitoring tools and ensure high levels of team performance and engagement.
• Coordinate with threat intelligence monitoring teams and other security functions to effectively communicate incident findings to leadership and relevant stakeholders.
• Implement and maintain robust incident response frameworks including industry standards such as NIST MITRE ATT&CK and best practices for coordinated response efforts.
• Prepare and present post-incident reports including lessons learned and recommendations for preventive measures to executive management.
• Experience in crisis management and business continuity planning.

Operational efficiency:

• Manage SOC shift schedules to ensure 24/7 coverage and effective resource utilization.
• Provide detailed reports on incident investigations root cause analyses and mitigation strategies contributing to the organizations continuous improvement efforts.
• Develop and track key performance metrics for incident management and response reporting outcomes to senior management.
• Maintain strong relationships with internal and external stakeholders to support the incident problem and change management cycles.
• Facilitate effective communication during incidents ensuring that stakeholders are informed of progress and resolution steps.

Specialist skills / technical knowledge required for this role:

• Proven experience in managing security operations centers and incident response teams.
• Demonstrated capability in hands-on management of L3 security incidents from detection through to disposition.
• Strong leadership skills with the ability to motivate and guide teams.
• Expertise in information security principles the cyber threat landscape and incident response protocols.
• Excellent communication and interpersonal skills to interact with various business units and IT departments.
• Knowledge of ISO 27001 NESA PCI DSS SWIFT and other information security standards and regulations.
• Familiarity with incident response frameworks (NIST MITRE ATT&CK) and best practices in managing cybersecurity incidents.
• Ability to manage multiple tasks with high attention to detail and organizational skills.
• Bachelors degree in engineering IT or a related technical discipline.
• Relevant certifications in cybersecurity and incident management (e.g. CISSP CISM GCFA GCIH).

Previous Experience:

• More than 10 years of experience in information security particularly in incident management and response within banks or financial institutions.
• Strong experience in monitoring and incident handling techniques and tools.
• Experience managing a Computer Incident Response Team (CIRT) Computer Security Incident Response Center (CSIRC) or Security Operations Center (SOC).
• Executive experience including management-level discussions.