Senior Manager, Group Information Security (Cyber Security Incident Response - IR Team Lead)
Malaysia - KL Eco City
FWD Insurance
We’re FWD. A different kind of insurer with a vision to change the way people feel about insurance. Discover our story.
About FWD Group
FWD Group is a pan-Asian life and health insurance business that serves approximately 30 million customers across 10 markets, including BRI Life in Indonesia. FWD’s customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the Main Board of The Stock Exchange of Hong Kong Limited under the stock code 1828.
For more information, please visit www.fwd.com
FWD Technology and Innovation Malaysia Sdn. Bhd., known as FWD TIM, was established in late 2019. Strategically located in Kuala Lumpur, FWD TIM serves as a pivotal shared service location within FWD Group, providing services to multiple markets across the Group. FWD TIM houses a diverse and talented workforce focused on essential business and technology services such as information security, cloud operations, IT solutions delivery, digital and data, actuarial, finance, investments, and customer service, among many others. FWD TIM is dedicated to driving and delivering operational excellence and efficiency, fostering innovation and ensuring regulatory compliance across all business functions, as well as maintaining a competitive edge in the market.
PURPOSE
Position of IR Team Lead
Most senior incident responder with subject matter expertise
Supports the pillar head of Security Monitoring and Incident Response in leading the Incident Response sub-function
Provide visibility to the pillar head of Security Monitoring and Incident Response on the day-to-day operations of the team
Lead the coordination, investigation, management, and resolution of a broad range of cyber-security incidents for FWD Group including all markets.
Establishes processes and SOPs.
Proactively identify, propose and drive transformation and enhancement projects, in collaboration with relevant internal teams and external solution providers, to continuously improve the Group Cyber Security Incident Response Management, Detection and Monitoring processes and SOPs performed by internal teams and vendors, leveraging automation and the technologies available.
Build knowledge among, and coach, Business Unit IT Security leads so that they understand their role in Cyber Incident Management.
KEY ACCOUNTABILITIES
Work with L1 and L2 Security Monitoring service providers to ensure L1/L2 resolutions meet the expected SLA, and to enhance their monitoring, triage and investigation capabilities prior to escalation.
Oversee delivery of the L3 incident response team and ensure that it meets incident response SLAs and SLOs.
Ensure the L3 IR team is assigned tasks efficiently and keep track of work delegated by the pillar head of SM&IR
Coordinate IR functions with other related functions, including Threat Intelligence, in collaboration with the Threat Intelligence lead
Investigate incident response cases to identify root cause, and coordinate with multiple internal teams and external solution providers to remediate and resolve issues in a timely and effective manner.
Leverage detection and response solutions in place, to further assess and proactively address any escalated potential incidents
Identify and drive continuous improvement of FWD Cyber Incident detection, contextualization and response processes and tools, leveraging automation and orchestration where possible
Manage and coordinate the escalation of potential incidents for investigation, along with any required internal or external stakeholders
Lead and manage the communication and coordination of Cyber Security Incident response actions with Business Units and ensure smooth and proper closure of the Incident Response cases
Analyze the findings of Threat Intelligence and work with relevant internal teams and Business Units to coordinate and/or execute actions that ensure FWD Group’s prevention, detection and response capabilities are maximised against those new threats.
Perform in-depth analysis of malware or other potential malicious processes or software identified in the organization
Coordinate and manage Cyber Security testing activities, and provide advice on remediation
Develop, document and maintain SOPs and a knowledge base for cyber security services relating to incident response, intelligence analysis, evidence acquisition, forensic recovery, and others
Continuous knowledge improvement in tools and best practices in Cyber Security threat monitoring and incident response, including contextualization and automation
Evaluate new emerging Cyber Security technologies and make recommendations for adoption within FWD Group
KEY PERFORMANCE INDICATORS
Timely and accurate coordination and management of all incident response cases within SLA for self and the rest of the team
Successful implementation of transformation and improvement initiatives to enhance Incident Response Management and Monitoring capabilities, with the support of Group IT Security Engineering teams
Evolve Cyber Incident Monitoring, Contextualization and Response processes and SOPs, leveraging automation and technologies available
Doing things right, creating synergies for the overall FWD goals and objectives, along with a people first approach
EXTERNAL & INTERNAL CONTACTS
Group CISO
Pillar lead of Information Security Monitoring and Incident Response (lead of Cyber Fusion Centre)
Threat Intelligence lead (peer)
Security Operations Centre lead (peer)
Group IT and IT Security Teams
Business Units IT and IT Security Teams
IT Vendors and/or Service Providers
QUALIFICATIONS / EXPERIENCE
Minimum 6 years working experience in Cyber Security Incident Management
Degree from Information Technology or equivalent discipline
Desirable Certifications: EC-Council Computer Hacking Forensic Investigator (CHFI), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA)
Regional experience in this role is preferred
Experience in a team lead role desired
KNOWLEDGE & TECHNICAL SKILLS
Able to train less experienced L1 and L3 team members to transfer skills and knowledge
Excellent knowledge of Advanced Persistent Threats, attack tools, techniques, and methods used by adversaries
Excellent knowledge of penetration testing services and techniques.
Excellent written and verbal communication skills, and the ability to work under pressure during IT security incidents
Excellent management and coordination skills with solid influencing skills to drive remediation, resolution and changes in a regional and multicultural environment
Ability to define, prioritize and execute process in a structured manner
Experience in an operational capacity as part of IT Security incident response function
Experience with networking and TCP/IP traffic, along with firewall, SIEM, IPS, EPP, EDR, APT, DLP, proxy, antivirus, anti-spam and anti-spyware solutions.
Experience conducting log and activity review, along with stream or packet capture, in support of intrusion analysis.
Desirable: Certification in CrowdStrike or Carbon Black EDR solutions.
Desirable: Experience with Splunk and QRadar SIEM solutions
Desirable: Experience with a programming/scripting language
COMPETENCIES
Operational management skills
Incident Response management
Technical leader