Purpose

Protect the enterprise against potential cyber-attacks. Play a key role in all CSIRT (Cyber Security Incident Response Team) activities, responding to potential security incidents and proactively implementing detection/avoidance mechanisms.

The Manager Cyber Security Incident Response proactively contributes to the safety and security of the digital ecosystem by providing expertise, consultancy and strategic advice. The aim is to safeguard the company’s brand and assets by ensuring the continuity of IT services.

Key Accountabilities

Information management

• Understands and complies with relevant organisational policies and procedures, taking responsibility for assessing and managing risks around the use of information.
• Ensures that information is presented effectively.
• Ensures that effective controls are in place for internal delegation, audit and control and that the board receives timely reports and advice that will inform their decisions.

Information security

• Communicates information security risks and issues to business managers and others.
• Performs basic risk assessments for small information systems.
• Contributes to vulnerability assessments.
• Applies and maintains specific security controls as required by organisational policy and local risk assessments.
• Takes action to respond to security breaches in line with security policy and records the incidents and action taken.

Research and training

• Participate in training and research to ensure that technical skill set stays current with modern practices and methodologies. This should include conferences and online training as well as knowledge transfer to the team via internal training, documentation and process development and maintenance.
• Within given research goals, builds on and refines appropriate outline ideas for research, i.e. evaluation, development, demonstration and implementation.
• Uses available resources to gain an up-to-date knowledge of any relevant field.
• Reports on work carried out and may contribute sections of material of publication quality.

Requirements definition and management

• Defines scope and business priorities for small-scale changes and may assist in larger scale scoping exercises.
• Elicits and discovers requirements from operational management and other stakeholders.
• Selects appropriate techniques for the elicitation of detailed requirements taking into account the nature of the required changes, established practice and the characteristics and culture of those providing the requirements.
• Specifies and documents business requirements as directed, ensuring traceability back to source.
• Analyses them for adherence to business objectives and for consistency, challenging positively as appropriate.
• Works with stakeholders to prioritise requirements.
• Security administration
• Investigates minor security breaches in accordance with established procedures.
• Assists users in defining their access rights and privileges.
• Performs non-standard security administration tasks and resolves security administration issues.
• Penetration testing
• Maintains current knowledge of malware attacks, and other cyber security threats.
• Creates test cases using in-depth technical analysis of risks and typical vulnerabilities.
• Produces test scripts, materials and test packs to test new and existing software or services.
• Specifies requirements for environment, data, resources and tools.
• Interprets, executes and documents complex test scripts using agreed methods and standards.
• Records and analyses actions and results.
• Reviews test results and modifies tests if necessary.
• Provides reports on progress, anomalies, risks and issues associated with the overall project.
• Reports on system quality and collects metrics on test cases.
• Provides specialist advice to support others.
• Problem management
• Investigates problems in systems, processes and services.
• Assists with the implementation of agreed remedies and preventative measures.
• Incident management
• Following agreed procedures, identifies, registers and categorises incidents.
• Gathers information to enable incident resolution and promptly allocates incidents as appropriate.
• Maintains records and advises relevant persons of actions taken.
• Digital forensics
• Contributes to digital forensic investigations.
• Processes and analyses computer evidence in line with policy, standards and guideline and supports production of forensics findings and reports.

Knowledge, Skills and Capabilities

• Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
• Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
• Ability to be self-directed while working under tight deadlines, must be able to perform well under pressure.
• Ability to work in a fast-paced environment with different international cultures.
• Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
• Ability to cope with change, make decisions and act comfortably with risk and uncertainty
• Extensive knowledge of incident response and digital forensics
• Experience with standards work in security, such as ISO, ANSI, IETF, etc.
• Substantial knowledge of information security practices and technology
• Knowledge of internetworking, including TCP/IP, IPsec, routers, IP internetwork configuration and application
• Basic level of understanding in Compliance (PCI, CoBIT)
• Good Project management skills

Qualifications

1. Graduate degree in computer or electrical engineering, mathematics, computer science, Information Security, Business Informatics or similar
2. At least 5 years working experience in Information Security, with focus in Security Incident Response, Forensics, – and Cyber Security investigations
3. CISSP, GCIH, GPEN, GMON, CEH or similar certification is desired