CYBER DEFENSE SECTION HEAD
Directorate:
Information Technology and Continuous Improvement
Work place:
Uralsk
Contract type:
Permanent
Shift pattern:
5/2
Posted on:
17.01.2024
CV submission date till:
31.01.2024
Education and work experience:
Bachelor's degree in Computer Science, Information Systems, Information Technology, or a related field. A Master of Science (MS) in Information Security is preferred.
6 or more years of paid work experience in IT, Telecom, Cybersecurity or a related field, and 3+ years of event and/or incident response experience in a cyber operations environment; experience may be concurrent.
Main functions:
- Manage, run and maintain the Cyber Security Operations in line with KPO Strategy and KPO Cyber Security Strategy.
- Manage the following functions on a daily basis, ensuring smooth operations, including designing, developing and implementing processes and tools for Cyber Incident Response, Identity and Access Management, Threat Monitoring and Vulnerability Management, the Security Operations Center, and perimeter protections including Intrusion Detection System (IDS)/ Intrusion Prevention System (IPS)/ Cloud Access Security Broker (CASB)/ Firewalls/ Honeypots, etc., as Line of Defense 1 (LOD1).
- Deliver strategic reports and strategies to minimize the impact of cyber threats as required by Cyber Leadership. Take responsibility for the operation of the whole Cyber Security Operations Centre (CSOC) function in close collaboration with the PCN/PCD team.
- Lead and manage the CSOC, including associated managed service providers. Provide input and proposals on the Department's budget.
- Manage, administer, and maintain the security information and event management (SIEM) solution along with its reporting and analytics. Manage the onboarding of all security-relevant data into the SIEM solution.
- Manage, administer, and maintain the Cyber Threat & Vulnerability Management Program along with the artefacts discovered. Maintain a cyber threat intelligence knowledgebase comprising cyber security advisories and alerts, including current and emerging cyber threats, as well as strategic and tactical recommendations on detecting, mitigating, and remediating these cyber threats.
- Manage the process of gathering, analysing and assessing the current and future cyber threat landscape, as well as creating actionable analytics derived from this analysis.
- Develop and maintain the Cyber Security Monitoring and Visibility, Cyber Threat & Vulnerability Management, and Cyber Incident Response policies, cyber security operations procedures, tools, training, standards, playbooks and all other supporting materials. Propose changes to existing cyber security policies and procedures to ensure operating efficiency and regulatory compliance.
- Develop a process for KPO to obtain threat intelligence feeds from vendors, industry bodies such as Information Sharing and Analysis Centres (ISACs), other industry peers (Parent Companies), etc., and integrate them into KPO monitoring tools for better protection capabilities.
- Manage the team to ensure continued success and growth. Manage Cyber Security Operations projects, including process improvement and technology investments. Lead staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.
- Define and maintain the roadmap of program and technology changes driven by Cyber Security Operations. Manage outsourced vendors that provide CSOC functions for compliance with contracted service-level agreements (SLAs). Manage and coordinate the operational components of incident management, including detection, response, and reporting. Develop and implement the process and define Operational Level Agreements (OLAs) for incident management and response. Track and monitor that all incidents meet the defined OLAs. Seek to constantly improve OLA metrics, with an annual review by the Cyber Security Manager.
- Develop a working relationship with stakeholders in Cyber Security, Digitalization and Continuous Improvement, IT&T, IT Enterprise Architecture, PCD Security and other respective teams to be able to communicate cyber metrics and incidents as needed. Manage a monthly meeting of all stakeholders to obtain feedback on Cyber Operations and seek improvement points to fine tune operations.
- Work with the Cyber Security Manager to define metrics and reporting strategies that effectively communicate successes and progress of the cyber security operations centre program. Manage the creation and maintenance of cyber security alerts, reports, dashboards, and metrics for the CSOC and their presentation to the Cyber Security Manager. Advise the Cyber Security Manager of significant emerging cyber threats and their mitigation.
- Contribute to the research, evaluation, design, testing, recommendation, and implementation of new or updated cyber security hardware, software or other solutions in collaboration with the Cyber Security Architect and Enterprise Systems Architect.
- Manage and coordinate operational components of cyber incident management, including protection, detection, response, and reporting. Manage the day-to-day activities of cyber threat and vulnerability management, recommend treatment plans and communicate information about residual risk. Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and in compliance with policies and audit requirements where applicable to Cyber Security Operations.
- Develop an Incident management process based on severity and design processes and standard operating procedures for severity-based incidents. Implement the Incident Management process across KPO (Information Technology/ Process Control Domain and all departments where a Cyber incident occurs).
- Design and implement an incident management committee based on severity and communication protocols for all incident types. Ensure execution of the cyber incident response process where applicable and that it is maintained until the resolution of the incident.
- Develop a high-performance team to achieve superior results. Coach, motivate, and lead team members to optimum performance and assist in their career development with effective feedback and development opportunities.
- Carry out other instructions from management / line manager / direct superior within their competence.
Necessary knowledge and skills:
- Mastery of English is an advantage in this role.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and those published by the National Institute of Standards and Technology (NIST).
- Strong technical understanding of data and application security, operating system internals and network protocols.
- Practical knowledge of system and technology security testing (vulnerability scanning and penetration testing).
- Strong knowledge of cyber security operations concepts, cyber threat and vulnerability management processes and Cyber Security Operations Centers (CSOC), including associated managed service providers.
- Extensive security operations, incident response, incident detection, malware detection, and threat response hands-on knowledge.
- A strong understanding of the business impact of security tools, technologies and policies.
- Hands-on knowledge in forensic activities and tools.
- In-depth knowledge of Information Security, SIEM management, Incident Response, Risk mitigation, and Infrastructure Protection tools and processes.
- A solid understanding of log and monitoring management systems, security event monitoring systems, threat intelligence, network-based and host-based intrusion detection systems, firewall technologies and Endpoint detection and response solutions.
- Demonstrated hands-on experience in managing and ensuring the timely response to, triage and investigation of security events and incidents.