Job Purpose:
- This role will provide strategic thinking for the CDC, with a deep understanding of cybersecurity risks and of incident monitoring, detection and response methodologies
- This role defines Mashreq’s CERT strategy to manage a state-of-the-art CERT capability covering all global locations, including UAE, Egypt, NY, UK, Qatar, India, Pakistan, etc.
- This role provides leadership and oversight of a 24x7x365 security operations team responsible for monitoring, detection and incident management of security incidents
- This role will lead a team of Cybersecurity professionals who perform intrusion monitoring, detection, triage, investigation, containment and notification as part of blue team activities
- This role will work with business and security leadership to build an operational threat model, services and response capabilities globally to enhance business ability to serve and protect our customer interests.
Key Result Areas:
Strategic Leadership and Oversight:
- Create strategic roadmap for Cyber Defense Center based on threats arising from emerging technologies
- Provide management and leadership for the team focused on monitoring and responding to the security incidents
- Oversee the execution of security strategies, policies, and procedures to address complex cybersecurity challenges, reduce friction and enhance overall collaboration with LOD-1, LOD-3 and other key stakeholders
Operational Excellence:
- Budgeting, demand management and capacity planning of Cyber defense operations
- Enhance capability uplift and maturity of SOC operations through automation and process improvement
- Ensure efficient and effective monitoring and response to security events received on SIEM platforms (Azure Sentinel & ArcSight preferred) from diverse sources such as FWs, IDS, IPS, AV, DAM, DLP, EDR etc.
- Drive improvements through threat detection, incident response, threat hunting in overall CDC operations.
- Enhance threat detection capabilities by leveraging Microsoft’s native KQL, automation and queries and reduce false positives
- Lead and drive cyber simulation and cyber drills to enhance detection and response capability of the organization
- Use case life cycle management, including continuously enhancing / enriching the SIEM rules based on changes in business requirements and the threat landscape
- Liaise with GRC to comply with central bank submission requirements / timelines including that of regional regulatory authorities
- Represent and lead CDC organization while preparing and participating in internal and external audit
- Effectively manage security incidents, involving relevant stakeholders during crisis management situations.
Team Management and Development:
- Mentor and develop the CDC team, fostering a culture of continuous improvement and high performance.
- Manage the recruitment, training, and performance evaluation of team members, including direct and indirect reports
- Governance and oversight of vendor performance including tracking of SLA metrics and operational metrics
Strategic Collaboration & Communication:
- Collaborate with senior leadership across business groups including technology compliance, audit, and regulatory teams to ensure alignment with security requirements.
- Actively participate in and contribute to business engagement meetings, including relevant business-specific updates from the CDC’s standpoint
- Effectively communicate security posture and CDC Metrics.
- Represent the CDC in strategic discussions and coordinate with external stakeholders as necessary.
Process and Policy Enhancement:
- Oversee the design, implementation, and updating of security processes, policies, and procedures (SOPs, playbooks, runbooks) with a focus on best practices and regulatory compliance.
- Ensure the integration of new security technologies and the effective onboarding of new log sources.
- Maintain preparedness for adverse situations through relevant playbooks and procedures for various emerging threat scenarios
- Drive tabletop exercises, conduct cyber drills and prepare simulation and wargaming scenarios.
Risk Management, Fraud Prevention, and Brand Reputation:
- Manage the reputation of the Mashreq brand on social media against any infringement activities, in collaboration with the Marketing Communications group and other stakeholders
- Develop and implement comprehensive Cyber Defense & risk management strategies to protect organizational assets and brand reputation.
- Integrate with Offensive Security team to assess vulnerabilities, threats, and risks continuously, ensuring improvements and adaptation to emerging challenges.
- Proactively manage and mitigate risks to maintain customer trust and uphold the institution's reputation
Regulatory Compliance and Client Protection:
- Ensure all cybersecurity measures comply with financial regulations such as PCI-DSS, GDPR, NESA, and local banking regulations.
- Regularly review and update policies to remain aligned with evolving legal requirements on monitoring / sanctions, ensuring robust client protection and compliance.
- Liaise with the Data Privacy & Protection team to ensure protection of sensitive customer data through rigorous encryption, strong authentication and access control measures, with continuous monitoring for deviations
Incident Response, Financial Stability, and Client Confidence:
- Establish and maintain robust incident response and disaster recovery plans tailored to financial systems.
- Ensure swift detection, response, and mitigation of security breaches while minimizing financial loss and operational disruption and maintaining client confidence.
- Develop a communication strategy to transparently handle incidents, reassuring clients and preserving trust.
Customer Data Protection and Enhanced User Security:
- Prioritize the security of customer data and financial information by implementing advanced security measures, integration and orchestration.
- Focus on end-to-end encryption, secure transactions, and continuous monitoring to safeguard against breaches.
- Foster a culture of security awareness among employees to prevent social engineering and other security threats.
Stakeholder Communication, Collaboration, and Regulatory Assurance:
- Assist cross-functional teams to integrate cybersecurity into all business processes, ensuring cohesive and comprehensive security.
- Foster collaboration with IT, legal, HR, compliance, and customer service teams to create a unified security culture.
- Communicate effectively about cybersecurity risks, policies, and incidents to maintain transparency, regulatory assurance, and stakeholder trust.
Knowledge, Skills, & Experience:
- Graduate/Postgraduate degree in Science, Engineering, or IT.
- Professional certifications such as CISSP, CISM, CRISC, CISA, or equivalent.
- Extensive experience in managing Cyber Defense Center or Security Operations Center operations, with a strong background in overseeing large teams.
- 10+ years of experience in incident monitoring and response (CERT & SOC), with proven leadership skills and expertise in managing complex security operations.
- Proficiency in managing SIEM platforms, security technologies, and operational processes.
- Strong analytical skills for evaluating security requirements and implementing appropriate controls.
- Excellent leadership, communication, and collaboration skills.
- Knowledge of the banking environment is advantageous.