JOB PURPOSE

To oversee and manage the Security Operations Center (SOC) related activities including, threat monitoring, triage and response to develop detailed root cause analysis and escalate for emergency response as per the approved process.

Security Incident Response Management

1.Provide management oversight for the identification, triage and response of events or incidents of apparent security breaches to maintain the security posture.

2.Conduct Security event analysis reporting on activities through regular scheduled reporting and communications in order to highlight the main incidents and events.

3.Identify and handle incidents, which need special attention or escalation to secure the overall bank’s security and mitigate potential risks.

4.Direct the creation and maintenance of incident response run books of the Analysts team run-books.

5.Act as a lead throughout incident scenarios and provide subject matter expertise in cybersecurity incident response to facilitate the investigation and root cause analysis.

6.Ensure proper reporting for daily, monthly, quarterly and annual security posture, SOC and executive reporting and dashboards.

7.Recommend security solutions based on security postures and gaps identified.

8.Manage communication with other departments to facilitate investigation process.

9.Develop and update SLA between SOC and other departments when required and maintainSLA.

Strategy

10.Participate in the formulation and implementation of the Security Operations Center Department strategy to ensure the alignment with CIB strategy

Policies, Processes and Procedures

11.Participate and recommend improvements to policies, processes and procedures and manage their implementation to ensure all relevant procedural/legislative requirements are carried out.

Day-to-day Management

12.Supervise the day to day operations of the Incident Management & Response team providing some guidance in the related area, encouraging teamwork and facilitating related professional work processes in order to achieve high performance standards

Supervision

13.Supervise the activities and work of subordinates to ensure that all work within a specific area is carried out in an efficient manner and in compliance with the set policies, processes and procedures

Compliance

14.Ensure compliance with all relevant CBE regulations, banking laws, AML regulations and internal CIB policies and code of conduct in order to maintain CIB’s sound legal position and mitigate any potential risks

Qualifications & Experience

·Bachelor’s degree of Engineering, Computer Science or equivalent

·Minimum 8 - 10 years of experience in IT Security or related fields

·Strong understanding of incident handling procedures

·Experience with packet and log analysis using commercial and open source tools

·Recommended Certifications:

oCertified Information Systems Security Professional (CISSP)

oCertified Information Security Manager (CISM)

·Mandatory Certification:

oGIAC Certified Incident Handling (GCIH)

Skills

·Very good command of English and Arabic language

·Very good Analytical skills

·Very good Communication skills

Very good MS Office skills