Incident Manager - Cyber Defense

Lead the Security Incident Response function within the Cyber Defense Center, ensuring timely detection, investigation, containment, recovery, and reporting of cyber incidents. Act as the SME for incident management, drive response maturity, support regulatory compliance, and safeguard the bank’s digital assets and reputation.
Responsibilities

  • Lead end-to-end handling of major security incidents and crisis situations.
  • Coordinate SOC, Technology, Business (LOD1), Compliance/Risk (LOD2), and Internal Audit (LOD3).
  • Provide technical insights and updates to senior leadership and Crisis Management Team.
  • Ensure effective investigation, root cause analysis, containment, recovery, and post-incident reporting.
  • Own and enhance the Security Incident Response framework aligned with regulatory and business requirements.
  • Develop and maintain policies, playbooks, and procedures based on standards such as NIST 800-61, ISO 27035, PCI, CERT.
  • Define, track, and report KPIs/KRIs for incident response performance.
  • Confirm adequacy of controls against internal policies and regulatory expectations.
  • Conduct post-incident reviews and implement lessons learned.
  • Drive automation initiatives across SIEM/SOAR platforms to improve response efficiency.
  • Review and approve SIEM/SOAR use cases and playbooks.
  • Strengthen overall cyber resilience and SOC maturity.
  • Interface with Head Office, Local CISOs, regulators, and supervisory bodies.
  • Ensure compliance with cybersecurity standards and banking regulations (UAE/BFSI preferred).
  • Provide training and mentorship to SOC and incident response teams.

Requirements

  • 12+ years in Information Security, with 6–8+ years focused on Security Incident Response.
  • Proven leadership experience within SOC / Cyber Defense Center.
  • Experience in BFSI domain strongly preferred.

  • Hands-on experience with SIEM/SOAR platforms (e.g., Microsoft Sentinel, ArcSight).
  • Strong knowledge of SOC operations, threat monitoring, detection engineering, and response workflows.
  • Deep understanding of incident response frameworks and regulatory compliance requirements.
  • Experience with KPI reporting, governance, risk assessment, and control validation.
  • Strong analytical and critical thinking abilities under pressure.
  • Excellent stakeholder communication and crisis management skills.
  • Ability to prioritize high-impact incidents and drive them to closure.
  • Focus on automation, innovation, and measurable outcomes.
  • Degree in Computer Science or related technical field.
  • Relevant certifications preferred: CISSP, CISM, GCIH, CEH, FOR608 or equivalent.