Head Of Incident Response
Johannesburg, Gauteng
5d ago
source : findojobs-za

Overview : Provides leadership and direction in the area of Cybersecurity Operations Incident Response. Manages individual analysts with responsibility for providing incident response coordination.

Provides coaching, mentorship, guidance, and makes staffing recommendations for IR staff. Identifies, communicates, and escalates Cybersecurity threats, vulnerabilities, risks, emerging trends, and mitigation strategies in alignment with the organization's risk appetite.

Provides direction and leadership for the Incident Response program. May manage vendor relationships. Edits and produces reports for leadership and serves as primary Incident Commander for potential or realized cybersecurity incidents.

Primary Responsibilities : Respond to critical security incidents and lead escalation teams to close with response, containment, and remediation.

Provide oversight and hands-on leadership in coordinating incident response functions. Ensure effective alert monitoring, data ingestion, logs collection and analysis, incident handling, and remediation and reporting efforts by Incident Response Teams.

Coordinate with Threat Intelligence analysts to correlate threat assessment data. Coordinate incident response functions, with assistance from Cyber Operations management.

  • Write and publish after action reviews.
  • Perform real-time cyber defense incident handling (e.g., intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support the Cybersecurity Operations Center.
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.
  • Identify opportunities to automate or improve processes around incident response.
  • Coordinate cybersecurity incident drills and provide plans, guidance, and recommendations for improvement.

    Oversee the preparation, creation, distribution, and maintenance of Standard Operating Procedures (SOPs) and related deliverables.

    Lead and oversee that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities within the team.

    Review, evaluate, recommend, and coordinate protective or corrective measures when a cybersecurity incident or vulnerability is discovered.

    Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.

    Understand and adhere to the Company's risk and regulatory standards, policies and controls in accordance with the Company's Risk Appetite.

    Design, implement, maintain and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.

    Promote an environment that supports diversity and reflects the M&T Bank brand. Complete other related duties as assigned.

    Scope of Responsibilities : Oversee, develop, and refine under review of higher management the Cybersecurity Operations Incident Response environment and program, including managing daily operations, creating and executing area strategy, building, revising or creating new policies and procedures, and leading personnel and staffing.

    Responsible for management and development of Cybersecurity Incident Response Analyst scheduling and staffing to ensure lossless coverage.

    Responsible for forecasting service demands, security activity, and managing staff performance. Responsible for review, analysis, functional operations, and oversight of the Incident Response Platform to facilitate incident administration, mitigation, and remediation to include analysis of trends, gaps, or areas of improvement.

    May manage vendor relationships.

    Education and Experience Required :

    • Associate's degree in applicable discipline and a minimum of 7 years relevant work experience, or in lieu of a degree, a combined minimum of 9 years higher education and / or work experience, including a minimum of 7 years relevant work experience
    • Minimum of 2 years work leadership, supervisory and / or managerial experience
    • Relevant work experience in two or more of the following Cybersecurity domains : Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations
    • Knowledge of Cybersecurity operational processes
    • Knowledge of Cybersecurity threats, vulnerabilities, emerging trends, and regulatory and operational impacts
    • Experience utilizing feedback to drive process and service improvement
    • Experience managing stakeholder relationships, including determining needs, requirements, and resources, and managing stakeholder expectations while committing to delivering quality results
    • Proven ability to communicate complex information, concepts, or ideas in a confident, accurate, and well-organized manner through verbal, written, and / or visual media
    • Experience adjusting to and operating in a diverse, challenging, and unpredictable fast-paced work environment
    • Experience coordinating, collaborating, and disseminating information to subordinate, peer, and leadership teams, departments, and organizations
    • Experience advising and providing assistance to operations and intelligence decision makers in response to dynamic situations
    • Experience managing and leading a Cybersecurity team of analysts, including training, mentorship and development of staff
    • Experience serving as an escalation point for Cybersecurity incidents, vulnerabilities, and events
    • Technical experience and understanding of testing and maintaining network infrastructure requirements, including hardware and software systems
    • Prior experience translating functional organizational and department requirements into logical and technical Cybersecurity solutions
    • Experience with managing operations following organizationally specific guidelines and documents
    • Knowledge of state, Federal, and industry-specific guidelines
    • Experience reviewing, verifying, and revising Cybersecurity and operational documentation
    • Experience developing Cybersecurity strategies and plans

    Education and Experience Preferred :

    • Bachelor's degree in an applicable discipline
    • Minimum of 5 years demonstrated job progression and relevant work experience in two or more of the following Cybersecurity domains : Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations
    • Prior experience as an incident responder or incident commander
    • Relevant industry or vendor-based certification in the digital forensics field, including but not limited to ACE, EnCE, GCFA, GFCE, and / or CFCE
    • Relevant certifications for Cybersecurity practitioners, including but not limited to CISSP, CISM, and / or CySA

    #MTBTechCareers #MTBTechLife #LI-KB1

    Location : Baltimore, Maryland, United States of America
