Job Purpose Statement
The Manager, SOC is responsible for continuous monitoring of technology assets for security incidents impacting the confidentiality, integrity, and availability of systems across the Bank. This role drives the overall security monitoring and incident response program, including implementing policies and procedures, and ensuring effective response, containment, and recovery from security incidents or breaches.
Key Accountabilities (Duties and Responsibilities)
Security Monitoring (40%)
Lead and manage the SOC team, ensuring correct identification, analysis, defense, investigation, and reporting of security incidents.
Monitor and analyze activity on networks, servers, endpoints, databases, applications, websites, and other systems for anomalous activity.
Perform threat management and threat modeling, identify threat vectors, and develop use cases for security monitoring.
Ensure continuous integration of logs from technology assets into the SIEM to meet security use cases.
Cyber Incident Response (30%)
Manage the cyber incident response plan and respond to incidents in accordance with the plan.
Communicate and escalate effectively during incident response.
Serve as the focal point of contact for cyber incidents and continuously improve the response plan.
Information Security Policies & Procedures (20%)
Develop and maintain Information Security policies, procedures, and SOPs related to the SOC and incident response.
Develop regular metrics, dashboards, and reports for SOC operations for various stakeholders.
Develop SOC performance management tools and ensure compliance with SLAs and process adherence.
People Leadership (10%)
Provide leadership, mentorship, and performance management for direct reports.
Maintain positive working relationships with internal teams and outsourced partners for incident remediation.
Direct and supervise the work of personnel and/or contractors assigned to the department.
Job Specifications
Ideal Job Specifications:
Academic:
Bachelor's Degree in Information Systems, Computer Science, Information Security, or related field.
Professional:
Relevant certifications in Information Security knowledge areas, such as security monitoring, threat intelligence, and Information Security Management. Experience in security device management, SIEM, IPS/IDS, DLP, Active Directory, and other security technologies. In-depth familiarity with security policies based on industry standards and best practices. Strong knowledge of technical infrastructure including operating systems, networks, databases, middleware, etc. Good knowledge of End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Identity and Access Management (IAM). Proficient in reports, dashboards, and documentation preparation.
Job Dimensions
Reporting Relationships:
Direct Reports: Cyber SOC Analysts (3)
Indirect Reports: None
Stakeholder Management:
Internal: IT Department, Enterprise & Compliance Risk Department, Internal Audit
External: Managed Services partners, External Auditors, Regulators
Decision Making Authority:
Operational: Continuous Monitoring & Incident Response
Managerial: Vendor management
Work Cycle and Impact:
Planning horizon: 6-12 months