Assistant Manager - Cyber Security

Purpose/Objective

The SOC Executive is responsible for leading the Security Operations Center (SOC) by supporting cybersecurity incident response, security engineering, and incident management functions at an executive level. This role ensures effective threat detection, strategic incident response, continuous security improvements, and regulatory compliance while driving innovation and automation within the SOC.

Key Responsibilities of Role

SOC Executive Incident Management & Response Execution: Support and oversee the end-to-end incident management process, ensuring security events are identified, escalated, and addressed in a timely manner. Assist in the development and execution of incident response plans, ensuring alignment with industry best practices and regulatory requirements. Manage the SOC’s response to high-severity security incidents, ensuring appropriate escalation and mitigation actions are taken. Ensure effective coordination between SOC teams, IT, legal, and compliance during security events and post-incident activities. Monitor and support the root cause analysis and remediation efforts to prevent incident recurrence. Assist in the execution of incident response drills, tabletop exercises, and training programs to improve preparedness. SOC Engineering & Technology Management: Manage and oversee the deployment, configuration, and optimization of security technologies such as SIEM, IDS/IPS, EDR, SOAR, and firewalls. Assist in evaluating and integrating new security technologies, ensuring alignment with SOC objectives and threat detection capabilities. Support efforts to enhance security monitoring, automation, and alerting mechanisms, improving operational efficiency. Oversee the maintenance and continuous improvement of security infrastructure, ensuring systems are updated and operating effectively. Execute initiatives to optimize security tools, fine-tune detection mechanisms, and reduce false positives. Manage vendor relationships and assist in evaluating third-party security solutions. Incident Detection & Analysis Support: Oversee the analysis, classification, and triage of security incidents, ensuring proper prioritization and execution of response activities. Support the investigation of security incidents, ensuring that threats are contained and remediated effectively. Assist in managing and fine-tuning threat intelligence processes, ensuring the SOC remains proactive in identifying emerging risks. Ensure forensic analysis and evidence collection follow industry best practices to support legal and compliance requirements. Communication, Compliance & Reporting: Manage and support communication between SOC teams, senior leadership, and external stakeholders during security incidents. Ensure timely and accurate reporting of security incidents, providing insights into trends, risks, and response effectiveness. Assist in the execution of post-incident reviews and lessons learned exercises, identifying areas for improvement. Support compliance efforts by ensuring adherence to NIST, ISO 27001, GDPR, PCI-DSS, and other relevant security frameworks. Oversee the documentation of incident reports, security policies, procedures, and operational workflows. Process Improvement & Operational Execution: Manage and oversee the refinement of SOC processes, workflows, and response strategies to improve efficiency and effectiveness. Assist in developing and executing automation initiatives to enhance SOC capabilities and reduce response times. Ensure continuous improvements in incident detection, investigation, and mitigation strategies. Oversee and support performance monitoring and health checks of SOC tools and technologies. Key Stakeholders - Internal Executive Leadership Department Heads Incident Response Team Network Security Team Risk Management Teams Legal & Compliance IT Team HR and Training Teams Communications/PR Team End Users (Employees/Staff) Key Stakeholders - External Managed Security Service Providers (MSSPs) External Incident Response Third-Party Vendors Regulatory Bodies External Auditors Legal Advisors Law Enforcement Agencies Cybersecurity Consultants Cloud Service Providers

Technical Competencies

Application Security Management-CYS,Cybersecurity Governance & Compliance-CYS,Data Protection & Data Loss Prevention-CYS,IT Support & Infrastructure Security-CYS,Identity & Access Management-CYS,Network Security & Perimeter Defense-CYS,Research and Innovation-CYS,Risk Management & Threat Modelling-CYS,Security Assessment and Testing-CYS,Security Engineering & Architecture-CYS,Security Operations & Incident Response Management-CYS

Qualifications and Experience

Educational Qualification: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Advanced degree (e.g., Master's, MBA) in Cybersecurity, Information Assurance, or a relevant discipline is highly desirable. Certification: Relevant certifications such as CISSP, CISM, GIAC, or other incident response-related certifications are highly desirable. Work Experience (Range of years): 5+ years of experience in security operations or incident management, with at least 2 years in a leadership or supervisory role.