JD - Senior Manager, Cyber Security Incident Response (IR) Team Lead
Department: Group Information Security
Reporting To: Senior Manager, Security Monitoring & Incident Response (Pillar Head, Group Security Monitoring & Incident Response)
Role Purpose
The Cyber Security Incident Response (IR) Team Lead serves as the senior-most incident response specialist within the team, providing subject matter expertise and operational leadership for the Group's cyber incident response function across all markets.
This role supports the Pillar Head of Security Monitoring & Incident Response in managing day-to-day operations of the Incident Response team, ensuring effective coordination, investigation, containment, remediation, and closure of cyber security incidents. The incumbent will also drive continuous improvements in cyber incident detection, monitoring, response processes, and technologies through collaboration with internal stakeholders and external service providers.
In addition, the role is responsible for establishing and maintaining incident response processes, SOPs, and best practices while fostering a culture of operational excellence and continuous improvement.
Key Responsibilities:
Incident Response Leadership & Operations
- Lead the coordination, investigation, management, and resolution of cyber security incidents across FWD Group and its business units.
- Oversee the delivery and performance of the Level 3 (L3) Incident Response team, ensuring adherence to defined SLAs and SLOs.
- Allocate and manage team workloads effectively while tracking tasks delegated by the Pillar Head of Security Monitoring & Incident Response.
- Manage escalated security incidents and coordinate investigations involving both internal stakeholders and external service providers.
- Ensure timely and effective remediation, containment, and closure of security incidents.
- Conduct root cause analysis and recommend corrective actions to prevent recurrence.
- Lead communications and coordination efforts with business units throughout the incident lifecycle.
Monitoring & Detection Enhancement
- Partner with Level 1 (L1) and Level 2 (L2) Security Monitoring service providers to improve monitoring, triage, investigation, and escalation capabilities.
- Utilize existing detection and response technologies to proactively identify, assess, and address potential security threats.
- Continuously improve cyber threat detection, contextualization, monitoring, and response capabilities through automation and orchestration.
- Collaborate closely with the Threat Intelligence function to enhance incident response effectiveness and threat mitigation efforts.
Threat Analysis & Security Improvement
- Analyze threat intelligence findings and coordinate preventive, detective, and responsive actions across relevant teams and business units.
- Perform detailed malware analysis and investigate suspicious or potentially malicious activities within the organization.
- Evaluate emerging cyber security threats, technologies, and industry best practices, providing recommendations for adoption and enhancement.
- Coordinate cyber security testing activities and provide remediation guidance where necessary.
Process Development & Knowledge Management
- Develop, maintain, and enhance incident response SOPs, playbooks, knowledge repositories, and operational procedures.
- Establish and refine cyber incident management, monitoring, and response frameworks leveraging automation and available technologies.
- Promote continuous improvement initiatives that enhance overall incident response effectiveness and operational efficiency.
- Coach and mentor Business Unit IT Security Leads and junior team members on incident response processes, tools, and best practices.
- Drive knowledge-sharing initiatives to strengthen cyber security awareness and capabilities across the organization.
Key Performance Indicators (KPIs)
- Timely and effective management of cyber security incidents within agreed service levels.
- Successful implementation of transformation and enhancement initiatives that improve incident response and monitoring capabilities.
- Continuous advancement of cyber incident monitoring, contextualization, and response processes through automation and technology adoption.
- Achievement of operational excellence while contributing to broader organizational goals and fostering cross-functional collaboration.
Qualifications & Experience:
- Bachelor's Degree in Information Technology, Cyber Security, Computer Science, or a related discipline.
- Minimum 6 years of experience in Cyber Security Incident Management or Incident Response.
- Hands-on experience managing cyber security incidents in an operational environment.
- Experience leading investigations and coordinating incident response activities across multiple stakeholders.
- Strong understanding of cyber security technologies, attack methodologies, and incident handling processes.
- Regional or multi-country cyber security experience.
- Previous team leadership or people management experience.
- Professional certifications such as:
o EC-Council Computer Hacking Forensic Investigator (CHFI)
o GIAC Certified Incident Handler (GCIH)
o GIAC Reverse Engineering Malware (GREM)
o GIAC Certified Forensic Analyst (GCFA)
- Certifications in CrowdStrike or Carbon Black EDR solutions.
- Experience with Splunk and QRadar SIEM platforms.
- Experience in programming or scripting languages.
Technical Skills & Knowledge:
- Strong understanding of Advanced Persistent Threats (APTs), attack techniques, tools, and adversary methodologies.
- Expertise in incident response, digital forensics, malware analysis, and threat investigations.
- Knowledge of penetration testing methodologies and security assessment practices.
- Experience with security technologies including:
o SIEM
o EDR/EPP
o IDS/IPS
o Firewalls
o DLP
o Proxy solutions
o Antivirus and anti-malware platforms
- Strong knowledge of networking concepts, TCP/IP protocols, and traffic analysis.
- Experience performing log analysis, activity reviews, packet capture analysis, and intrusion investigations.