Assistant Manager - Cyber Security

Assistant Manager - Cyber Security

Responsibilities

SOC Executive

Incident Management & Response Execution:

Support and oversee the end-to-end incident management process, ensuring security events are identified, escalated, and addressed in a timely manner.

Assist in the development and execution of incident response plans, ensuring alignment with industry best practices and regulatory requirements.

Manage the SOC’s response to high-severity security incidents, ensuring appropriate escalation and mitigation actions are taken.

Ensure effective coordination between SOC teams, IT, legal, and compliance during security events and post-incident activities.

Monitor and support the root cause analysis and remediation efforts to prevent incident recurrence.

Assist in the execution of incident response drills, tabletop exercises, and training programs to improve preparedness.

SOC Engineering & Technology Management:

Manage and oversee the deployment, configuration, and optimization of security technologies such as SIEM, IDS/IPS, EDR, SOAR, and firewalls.

Assist in evaluating and integrating new security technologies, ensuring alignment with SOC objectives and threat detection capabilities.

Support efforts to enhance security monitoring, automation, and alerting mechanisms, improving operational efficiency.

Oversee the maintenance and continuous improvement of security infrastructure, ensuring systems are updated and operating effectively.

Execute initiatives to optimize security tools, fine-tune detection mechanisms, and reduce false positives.

Manage vendor relationships and assist in evaluating third-party security solutions.

Incident Detection & Analysis Support:

Oversee the analysis, classification, and triage of security incidents, ensuring proper prioritization and execution of response activities.

Support the investigation of security incidents, ensuring that threats are contained and remediated effectively.

Assist in managing and fine-tuning threat intelligence processes, ensuring the SOC remains proactive in identifying emerging risks.

Ensure forensic analysis and evidence collection follow industry best practices to support legal and compliance requirements.

Communication, Compliance & Reporting:

Manage and support communication between SOC teams, senior leadership, and external stakeholders during security incidents.

Ensure timely and accurate reporting of security incidents, providing insights into trends, risks, and response effectiveness.

Assist in the execution of post-incident reviews and lessons learned exercises, identifying areas for improvement.

Support compliance efforts by ensuring adherence to NIST, ISO 27001, GDPR, PCI-DSS, and other relevant security frameworks.

Oversee the documentation of incident reports, security policies, procedures, and operational workflows.

Process Improvement & Operational Execution:

Manage and oversee the refinement of SOC processes, workflows, and response strategies to improve efficiency and effectiveness.

Assist in developing and executing automation initiatives to enhance SOC capabilities and reduce response times.

Ensure continuous improvements in incident detection, investigation, and mitigation strategies.

Oversee and support performance monitoring and health checks of SOC tools and technologies.

Key Stakeholders - Internal

Executive Leadership

Department Heads

Incident Response Team

Network Security Team

Risk Management Teams

Legal & Compliance

IT Team

HR and Training Teams

Communications/PR Team

End Users (Employees/Staff)

Key Stakeholders - External

Managed Security Service Providers (MSSPs)

External Incident Response

Third-Party Vendors

Regulatory Bodies

External Auditors

Legal Advisors

Law Enforcement Agencies

Cybersecurity Consultants

Cloud Service Providers

Qualifications

Educational Qualification:

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Advanced degree (e.g., Master's, MBA) in Cybersecurity, Information Assurance, or a relevant discipline is highly desirable.

Certification:

Relevant certifications such as CISSP, CISM, GIAC, or other incident response-related certifications are highly desirable.

Work Experience (Range of years):

5+ years of experience in security operations or incident management, with at least 2 years in a leadership or supervisory role.