Our Client, a Group of FX Companies, based in Limassol are hiring a new SOC (Security Operations Centre) Manager for an exciting new security division to support security operations for their group.

The SOC team is one of the Information Technology pillars for the group and works alongside the corresponding IT pillar’s (Network Operations Centre, Security Operations Centre, Operational IT)

The SOC team’s primary objective is to ensure the overall effectiveness of cybersecurity across the the group globally.

This role SOC Manager will lead the detection and investigation of security events at the organization, ensuring that all cybersecurity attacks are timely detected, investigated and mitigated. The role is responsible for maintaining the incident management team, processes, and tools in line with current threats, attempting to stay a step ahead of the attackers. 

The SOC Manager is responsible for the optimal performance of the Security Operations Center, a distributed team of cybersecurity analysts whose role is to detect, investigate and resolve security incidents that are a threat to the organisation. While experience on incident response technical handling is important, the more relevant aspect of this role is the capability to design, implement and measure processes in the Security Operations Center to ensure that it works like clockwork: Participation in selecting the correct tools to monitor the threats to the organisation, deploying operational processes to monitor output of the tools, ensuring triaging of detected issues so these get prioritised and followed-up on by the right team members, reporting on effectiveness and improvements necessary in the team/tools/processes and in general owning the incident response process for a growing number of platforms worldwide.

This is a unique new opportunity within the Group to introduce best practices and shape a team that is growing into a wider role within the organisation, bringing your experience to make the team a reference on incident response within the online trading realms.

You must be familiar with global data protection standards such as GDPR.

Primary Responsibilities:

• Build and manage an effective SOC team in our Cyprus office to function with the newly formed NOC team.
• SOC monitoring and alert response
• Dedicated incident response
• Key member and participation in the Global Security Operations Committee
• Cyber Security and participation into strategy
• Red team testing, pen testing, internal & external infrastructure testing
• Ensure cyber incidents are investigated and mitigated using AI tools already implemented.
• Patch management and vulnerability management using automated tools.
• Define and maintain incident handling procedures to ensure incidents are adequately identified, investigated, and mitigated. Ensure that lessons learned are conducted to avoid re-occurrence of security incidents and that relevant incidents are documented for internal and senior stakeholder consumption
• Design, implement and measure processes to ensure the Security Operations Center runs at optimal efficiency
• Identify key use cases for threats against the group and implement incident response mechanisms to identify and address them
• Manage the evaluation and selection of the correct tools to monitor, detect and respond to threats to the organization
• Ensure security tools are operationalized and integrated into the Security Operations Center monitoring, detection and response processes
• Create a team structure and approach to work to ensure that incidents are appropriately triaged, worked on and followed-up on by the Security Operations Center various tiers
• Maintain an up-to-date view on threat landscape to the Group derived from the Security Operations Center activities so that the Cybersecurity strategy can be adapted to address the identified threats
• Report to Cybersecurity leadership on Security Operations Center effectiveness and required improvements to the team/tools/processes through objective facts and data analysis
• Own the Cybersecurity incident response. Maintain and improve the Security Operations Center program. Review and correct identified weaknesses of the program to ensure continued alignment with business expectations for Information Security Incident management
• Manage a team of security analysts to support incident management objectives, including recruitment, performance management and employee development amongst other people management functions
• Liaise with law enforcement agencies during incident investigations to ensure the company assets are safeguarded

Occasional Responsibilities:

• Respond to critical incidents on a 24x7 basis

Knowledge/Expertise/Qualifications:

The role requires a team player with strong hands-on information security and Security Operations Center leadership skills, extremely good problem-solving skills and the ability to operationalise tasks so that the team operates at optimal efficiency.

Essential

• At least three years of experience managing a Security Operations Center
• In-depth understanding of Information Security processes and theory
• Attention to detail and outstanding problem-solving skills
• Autonomous and self-organized
• 4+ years working within the information security field, with emphasis on security operations, incident management, intrusion detection, firewall deployment, and security event analysis
• Good knowledge of the technical foundations behind networking, operating systems and application: Linux, Windows, Web technologies, Cloud solutions (AWS, Azure, GCP), TCP/IP and other networking protocols - Traffic and packet analysis
• Experience with SIM, log correlation and other security monitoring tools
• Experience in creation of log correlation and intrusion detection rules
• The position requires a manager-doer with hands-on experience in security incident management
• Ability to lead and communicate efficiently within a team environment
• Advanced technical writing skills
• Experience in the following areas: Forensic analysis, Vulnerability management, Risk management

Desired

• GIAC Certified Incident Handler (GCIH) or similar qualification
• Previous experience in penetration testing, offensive tools and frameworks.
• Regulatory and industry standards work: ISO27001, PCI-DSS, GDPR etc.
• Vulnerability research skills
• Experience in security tool development
• Other relevant professional qualifications will be considered, although not a requirement, e.g. CISA, CISM, CISSP, GIAC, etc.

Send your CV to emma@fintop.co.uk