This vacancy is now closed

Head of Cyber Security Operations - London

£80,000 - IT/Information/Cyber Security
Ref: 31 Date Posted: Thursday 22 Nov 2018
Company: Financial
Location: London or Wimbledon
Reports to: Chief Information Security Officer

The Role

The role holder will be a technical IT security professional with excellent hands-on skills, experienced in managing and operating a cyber security operations centre (SOC) comprising a range of security systems and controls. The role holder will be a subject matter expert on security operations and will lead a small team of analysts and an outsourced monitoring service provider to deliver the services required. They will have strong personal ethics and be able to operate to a high standard in a highly dynamic environment.
Key Responsibilities
● Operate, maintain and enhance the SOC in accordance with defined operational processes, procedures and guidelines. This includes:
     o Maintenance and use of the SIEM system and other core security technologies
     o Commercial and operational relationship with managed service monitoring provider
     o Interface with technology teams on design and operational issues
     o Creation and maintenance of incident playbooks, including enhancements through exercises
     o Defining and reporting against KPIs and KRIs
● Manage the team’s day-to-day work, manage rotas and shifts as required, monitor work processes and quality, measure operational performance, recruit, coach and train
● Ensure the SOC has the capability to monitor, and does monitor, logs, alerts, security and change events to identify suspicious events and incidents for investigation and escalation, including intrusion, malware infection, access violations, denial of service, social engineering, defacement and other criminal activity
● Participate in project and change efforts to ensure the SOC's requirements are satisfied by new and amended systems and business processes
● Provide 24/7/365 capability to respond to critical security events and incidents
● Maintain current skills and knowledge appropriate to the role of the SOC as part of an ongoing training and development programme
● Recruit, train and employ high calibre employees within budget, headcount levels and temporary resource requirements
● Coach, mentor, and develop staff, including overseeing new employee onboarding and providing career development planning and opportunities
● Provide oversight and direction to employees in accordance with the firm's policies, procedures, standards and SLAs
● Ensure that an effective performance review is operated in line with department guidelines, including setting objectives, personal development planning and performance standards with all direct reports
● Develop a culture of performance management, improvement and appraisal as a foundation for excellent organisational performance
● Manage all departmental HR issues including monitoring absenteeism, and managing any capability and disciplinary issues
● Ensure that team members complete training when required and are kept abreast of any internal communications
Service Delivery Management
● Manage the security infrastructure comprising IDS/IPS, email/web filtering, deep packet inspection and all other security controls and systems operated by the Information Security team
● Provide oversight of security controls operated by the Infrastructure and Operations team
● Ensure that appropriate detective and protective controls are in place, configured, tuned, and maintained operational
● Monitor the SOC operational environment to ensure that it is operating effectively
● Provide ongoing assurance and reporting that all SOC technical and procedural controls are operating effectively
● Undertake formal periodic risk-based reviews of the security controls, build standards, operational controls and adherence to policy, process and procedures
● Provide 3rd line operational support for a number of user-facing security controls within core business hours
● Evaluate and assess the impact of changes to the security control and operational environment to ensure the SOC remains effective
● Manage the day-to-day tactical operations of the SOC and lead the strategic development of it
Threat and Vulnerability Management
● Provide ongoing assurance and reporting that all technical and procedural security controls are operating effectively
● Maintain a holistic view of the threats and vulnerabilities presented to the business, internal, external, business partner and customers
Incident Management
● Own cyber technical incident management for the Bank.
● Ensure security logs and events are analysed and correlated from all necessary sources
● Ensure timely responses to threats and incidents identified, using a risk-based approach
● Ensure management, triage, prioritisation and escalation of security incidents is in accordance with best practice incident management policies, processes and procedures
● Act as the primary contact and initial escalation point for the SOC
● Maintain strong relationships with parties who affect the security posture of the business and who are contacts or escalation points for incident handling
● Act as the primary contact and representative for IT security on internal project and technical forums
● Provide expertise on all facets of information security within information technology and the business as part of business-as-usual and within change programmes, either independently or embedded within a project team
Risk & Compliance
● Ensure that all Governance and Compliance requirements are adhered to and all reporting and reviewing activities required by the Regulatory Bodies are carried out to the standards required.

Skills & Experience

● Security Incident Response Team leadership
● Vulnerability and threat management
● Incident management
● Deep technical knowledge of network and application security controls operational in complex environments
● Strong technical skills in the following technologies:
     o SIEM system operation and analytics
     o Intrusion Detection and Prevention
     o Firewalls
     o Load balancers, routers and Switches
     o Wired and Wireless infrastructures
     o Email/Web filtering technologies
     o Virtualised environments / Cloud
     o Deep Packet Analysis Tools
     o Anti-malware systems/solutions
     o Strong network traffic and log analysis skills
     o Malware analysis skills
     o Computer Forensics
● Experienced in the selection and implementation of appropriate information security controls
● Good written and verbal communication skills
● Process and Procedure writing
● Line management experience
● Strong Windows/Linux platform operating systems skills
● Network and application vulnerability assessments and penetration testing
● Scripting Experience
● ITIL Service Management
● Knowledgeable and experienced in compliance with Information Security standards such as ISO27001 & PCI-DSS.
● Knowledgeable about the legal and regulatory requirements for information security
● Information Security Risk Assessment
● Undertaking Business Impact Assessments

Education & Qualifications

● Security industry relevant certification
● CISSP, CISM or equivalent certification