Incident Response Manager

Role: Incident Response Manager

Location: Abu Dhabi

Role purpose:

• The Incident Response Manager will lead the Cyber Security Incident Response unit, oversee its day-to-day operations and manage the SOC shifts. 
• This role requires collaboration with various internal teams and departments, as well as external partners and cybersecurity agencies, to ensure an effective and timely response to all security incidents. 
• The manager must demonstrate strong leadership skills, encourage teamwork, optimize team performance, and develop incident response strategies. 
• Additionally, this position demands hands-on expertise in handling complex L3 security incidents from detection to disposition, including leveraging AI-driven threat detection and automated incident response tools. 
• The role also requires strong crisis management and stakeholder communication skills to effectively coordinate during high-impact security events.

Key accountabilities of the role:

Leadership and strategy:

• Lead the Cyber Security Incident Response unit, managing both the day-to-day operations and the strategic development of incident response capabilities.
• Develop, oversee, and refine incident response plans, playbooks, and strategies to ensure rapid and effective response to security breaches.
• Maintain and enhance information security monitoring processes, tools, and technologies, driving continuous improvements and reducing gaps between current and ideal states.
• Demonstrate adaptability and innovation to address evolving threat landscapes, continuously enhancing the response approach.
• Incident Management:
• Directly handle L3 security incidents, overseeing their detection, analysis, containment, and resolution.
• Supervise the staff’s utilization of security monitoring tools and ensure high levels of team performance and engagement.
• Coordinate with threat intelligence, monitoring teams, and other security functions to effectively communicate incident findings to leadership and relevant stakeholders.
• Implement and maintain robust incident response frameworks, including industry standards such as NIST, MITRE ATT&CK, and best practices for coordinated response efforts.
• Prepare and present post-incident reports, including lessons learned and recommendations for preventive measures, to executive management.
• Experience in crisis management and business continuity planning.

Operational efficiency:

• Manage SOC shift schedules to ensure 24/7 coverage and effective resource utilization.
• Provide detailed reports on incident investigations, root cause analyses, and mitigation strategies, contributing to the organization’s continuous improvement efforts.
• Develop and track key performance metrics for incident management and response, reporting outcomes to senior management.
• Maintain strong relationships with internal and external stakeholders to support the incident, problem, and change management cycles.
• Facilitate effective communication during incidents, ensuring that stakeholders are informed of progress and resolution steps.      

Specialist skills / technical knowledge required for this role:

• Proven experience in managing security operations centers and incident response teams.
• Demonstrated capability in hands-on management of L3 security incidents from detection through to disposition.
• Strong leadership skills with the ability to motivate and guide teams.
• Expertise in information security principles, the cyber threat landscape, and incident response protocols.
• Excellent communication and interpersonal skills to interact with various business units and IT departments.
• Knowledge of ISO 27001, NESA, PCI DSS, SWIFT, and other information security standards and regulations.
• Familiarity with incident response frameworks (NIST, MITRE ATT&CK) and best practices in managing cybersecurity incidents.
• Ability to manage multiple tasks with high attention to detail and organizational skills.
• Bachelor’s degree in engineering, IT, or a related technical discipline.
• Relevant certifications in cybersecurity and incident management (e.g., CISSP, CISM, GCFA, GCIH).

Previous Experience:  

• More than 10+ years of experience in information security, particularly in incident management and response within banks or financial institutions.
• Strong experience in monitoring and incident handling techniques and tools.
• Experience managing a Computer Incident Response Team (CIRT), Computer Security Incident Response Center (CSIRC), or Security Operations Center (SOC).
• Executive experience including management-level discussions.