Purpose & Overall Relevance for the Organization:
Protect the enterprise against potential cyber-attacks. Play a key leadership role in all CSIRT (Cyber Security Incident Response Team) activities, responding to potential security incidents and proactively implementing detection/avoidance mechanisms.
The Senior Manager Cyber Security Incident Response proactively contributes to the safety and security of the digital ecosystem by providing expertise, consultancy and strategic advice. The aim is to safeguard the company’s brand and assets by ensuring the continuity of IT services.
- Understands and complies with relevant organizational policies and procedures, taking responsibility for assessing and managing risks around the use of information.
- Ensures that information is presented effectively.
- Ensures that effective controls are in place for internal delegation, audit and control and that the board receives timely reports and advice that will inform their decisions.
- Communicates information security risks and issues to business managers and others.
- Performs basic risk assessments for small information systems.
- Contributes to vulnerability assessments.
- Applies and maintains specific security controls as required by organisational policy and local risk assessments.
- Takes action to respond to security breaches in line with security policy and records the incidents and action taken.
- Interprets information assurance and security policies and applies these in order to manage risks.
- Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
- Uses testing to support information assurance.
- Contributes to the development of policies, standards and guidelines.
Research and training
- Participate in training and research to ensure that technical skill set stays current with modern practices and methodologies. This should include conferences and online training as well as knowledge transfer to the team via internal training, documentation and process development and maintenance.
- Within given research goals, builds on and refines appropriate outline ideas for research, i.e. evaluation, development, demonstration and implementation.
- Uses available resources to gain an up-to-date knowledge of any relevant field.
- Reports on work carried out and may contribute sections of material of publication quality.
Business process improvement
- Analyses business processes; identifies alternative solutions, assesses feasibility, and recommends new approaches.
- Contributes to evaluating the factors which must be addressed in the change program.
- Helps establish requirements for the implementation of changes in the business process.
Requirements definition and management
- Facilitates scoping and business priority-setting for change initiatives of medium size and complexity.
- Contributes to selection of the most appropriate means of representing business requirements in the context of a specific change initiative, ensuring traceability back to source.
- Discovers and analyses requirements for fitness for purpose as well as adherence to business objectives and consistency, challenging positively as appropriate.
- Obtains formal agreement by stakeholders and recipients to scope and requirements and establishes a base-line on which delivery of a solution can commence.
- Manages requests for and the application of changes to base-lined requirements. Identifies the impact on business requirements of interim (e.g. migration) scenarios as well as the required end position.
Business process testing
- Specifies and develops test scenarios to test that new/updated processes deliver improved ways of working for the end user at the same time as delivering efficiencies and planned business benefits.
- Records and analyses test results, and reports any unexpected or unsatisfactory outcomes.
- Uses test plans and outcomes to specify user instructions.
- Maintains security administration processes and checks that all requests for support are dealt with according to agreed procedures.
- Provides guidance in defining access rights and privileges.
- Investigates security breaches in accordance with established procedures and recommends required actions and supports / follows up to ensure these are implemented.
- Maintains current knowledge of malware attacks, and other cyber security threats.
- Creates test cases using in-depth technical analysis of risks and typical vulnerabilities.
- Produces test scripts, materials and test packs to test new and existing software or services.
- Specifies requirements for environment, data, resources and tools. Interprets, executes and documents complex test scripts using agreed methods and standards.
- Initiates and monitors actions to investigate and resolve problems in systems, processes and services.
- Determines problem fixes/remedies.
- Assists with the implementation of agreed remedies and preventative measures.
- Prioritises and diagnoses incidents according to agreed procedures.
- Investigates causes of incidents and seeks resolution.
- Escalates unresolved incidents.
- Facilitates recovery, following resolution of incidents.
- Documents and closes resolved incidents according to agreed procedures.
- Contributes to digital forensic investigations.
- Processes and analyses computer evidence in line with policy, standards and guidelines and supports production of forensics findings and reports.
- Implements stakeholder engagement/communications plans, including, for example: handling of complaints, problems and issues; managing resolutions; corrective actions and lessons learned; collection and dissemination of relevant information.
- Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Helps develop and enhance customer and stakeholder relationships.
- Provides technical support and works closely with different departments to run the Security Awareness Program.
- Global IT
- IT Senior Management Team (SVP/VP)
- Respective business function (GOPS, Finance, HR, Brand Marketing, Wholesale/Retail)
- Business and IT program and project managers
- HR Management
- Legal and Compliance
- Data Protection
Knowledge, Skills and Abilities:
- Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
- Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
- Ability to be self-directed while working under tight deadlines, must be able to perform well under pressure.
- Ability to work in a fast-paced environment with different international cultures.
- Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
- Ability to cope with change, make decisions and act comfortably with risk and uncertainty
- Extensive knowledge of incident response and digital forensics
- Experience with standards work in security, such as ISO, ANSI, IETF, etc.
- Substantial knowledge of information security practices and technology
- Knowledge of internetworking, including TCP/IP, IPsec, routers, IP internetwork configuration and application
- Basic level of understanding of compliance (PCI, COBIT)
- Good project management skills
Requisite Education and Experience / Minimum Qualifications:
- Graduate degree in computer or electrical engineering, mathematics, computer science, Information Security, Business Informatics or similar
- At least 8 years working experience in Information Security, with focus on Security Incident Response, Forensics, and Cyber Security investigations
- CISSP, GCIH, GPEN, GMON, CEH or similar certification is desired
- At least 5 years’ experience in digital forensics