Security Operations Manager

Synopsis

The role is subject matter expert in cybersecurity operations team responsible for specific operations security services defined as part of the security operations service catalogue and delivered by the Managed Security Services provider and in-house. The Security Operations Manager manages the technical delivery of supplier provided Security Operations services to agreed service levels and standards. This role has a specific focus on Security Operations Centre services. Additionally, the role is part of the Security Operations team more generally and oversees the day-to-day information security operations, including monitoring, analysis, detection and escalation of Information security risks and threats.

Accountabilities

• Manage the technical delivery of security services by the managed security services providers. Specifically:
• Security Operations Centre
• Incident response
• Serve as the key point of contact for information security operational requests.
• Review supplier provided reports and ensure adherence to agreed SLAs.
• Ensure effectiveness of security services provided by the managed services provider for detection, prevention, protection and remediation of security incidents.
• May be required to work as part of the incident response team on a 24x7x365 on an exceptional basis.
• Ensure the enforcement of information security controls to Etihad security standards, policies and regulatory requirements by the managed services provider.
• Provide support for information security investigation requests.
• Report status of information security situational awareness as requested.
• Ensure that the service provider applies security policies, requirements and controls to all supported platforms.
• Manage security services providers, to define and document security procedures and configurations.
• Internal stakeholder management, providing information up to Head of Cybersecurity and Head of Technical Systems on escalations and resolution progress; respond to stakeholder queries on information security operations.
• External stakeholder management, account Managers of managed service providers and suppliers and delivery personnel of managed service providers and suppliers.

Education & Experience

• Deep knowledge and experience of Secure Services Edge (SSE) technologies and Processes.
• A minimum of 7-10 years of experience in Cybersecurity. CISSP certification
• Knowledge of and experience with Security Operations Centre environment
• Understanding of ISO27001, NIST, UAE Govt Cybersecurity standards, international and local regulations pertaining to Information Security and data privacy.
• Proficiency in industry standard Service Management Operations principles: Incident Management, Vulnerability Management, Change Management etc.
• Ability to manage execution of projects by security services providers and internal teams.
• Very good written and oral communication skills required.
• Graduate degree in Computer Science, Management Information Systems or equivalent industry experience.
• Industry and domain certifications such as Certified Information Systems Security Professional (CISSP), Global Information Security Assurance Professional (GIAC), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or equivalent.