Description
Role: Incident Response Manager
Location: Abu Dhabi
Role purpose:
- The Incident Response Manager will lead the Cyber Security Incident Response unit, oversee its day-to-day operations and manage the SOC shifts.
- This role requires collaboration with various internal teams and departments, as well as external partners and cybersecurity agencies, to ensure an effective and timely response to all security incidents.
- The manager must demonstrate strong leadership skills, encourage teamwork, optimize team performance and develop incident response strategies.
- Additionally, this position demands hands-on expertise in handling complex L3 security incidents from detection to disposition, including leveraging AI-driven threat detection and automated incident response tools.
- The role also requires strong crisis management and stakeholder communication skills to coordinate effectively during high-impact security events.
Key accountabilities of the role:
Leadership and strategy:
- Lead the Cyber Security Incident Response unit, managing both the day-to-day operations and the strategic development of incident response capabilities.
- Develop, oversee and refine incident response plans, playbooks and strategies to ensure rapid and effective response to security breaches.
- Maintain and enhance information security monitoring processes, tools and technologies, driving continuous improvement and reducing gaps between current and ideal states.
- Demonstrate adaptability and innovation to address evolving threat landscapes, continuously enhancing the response approach.
Incident management:
- Directly handle L3 security incidents, overseeing their detection, analysis, containment and resolution.
- Supervise the staff's utilization of security monitoring tools and ensure high levels of team performance and engagement.
- Coordinate with threat intelligence, monitoring teams and other security functions to communicate incident findings effectively to leadership and relevant stakeholders.
- Implement and maintain robust incident response frameworks, including industry standards such as NIST and MITRE ATT&CK, and best practices for coordinated response efforts.
- Prepare and present post-incident reports, including lessons learned and recommendations for preventive measures, to executive management.
- Experience in crisis management and business continuity planning.
Operational efficiency:
- Manage SOC shift schedules to ensure 24/7 coverage and effective resource utilization.
- Provide detailed reports on incident investigations, root cause analyses and mitigation strategies, contributing to the organization's continuous improvement efforts.
- Develop and track key performance metrics for incident management and response, reporting outcomes to senior management.
- Maintain strong relationships with internal and external stakeholders to support the incident, problem and change management cycles.
- Facilitate effective communication during incidents, ensuring that stakeholders are informed of progress and resolution steps.
Specialist skills / technical knowledge required for this role:
- Proven experience in managing security operations centers and incident response teams.
- Demonstrated capability in hands-on management of L3 security incidents from detection through to disposition.
- Strong leadership skills with the ability to motivate and guide teams.
- Expertise in information security principles, the cyber threat landscape and incident response protocols.
- Excellent communication and interpersonal skills to interact with various business units and IT departments.
- Knowledge of ISO 27001, NESA, PCI DSS, SWIFT and other information security standards and regulations.
- Familiarity with incident response frameworks (NIST, MITRE ATT&CK) and best practices in managing cybersecurity incidents.
- Ability to manage multiple tasks with high attention to detail and organizational skills.
- Bachelor's degree in engineering, IT or a related technical discipline.
- Relevant certifications in cybersecurity and incident management (e.g. CISSP, CISM, GCFA, GCIH).
Previous Experience:
- More than 10 years of experience in information security, particularly in incident management and response within banks or financial institutions.
- Strong experience in monitoring and incident handling techniques and tools.
- Experience managing a Computer Incident Response Team (CIRT), Computer Security Incident Response Center (CSIRC) or Security Operations Center (SOC).
- Executive experience, including management-level discussions.
Required Experience:
Manager