Security Operations Center (SOC) Manager
Company Name: Chalhoub Group
Employment Type: Full Time
No. Of Vacancies: 1
This is a fantastic opportunity for a Security Professional to join a leading retail group in the middle east, working as part of the IT Services team. The candidate will work in the Tech Security team to support and expand the Tech Security function in security operations, threat hunting and vulnerability management domains.
Purpose of the role
Safeguards information system assets by identifying and solving potential and actual security problems. The Security Operations Manager role has a broad range of responsibilities, with a primary emphasis on incident response, threat and event monitoring and vulnerability management.
What you’ll be doing:
Develop and revise processes to strengthen the current operating model for Security Operations, review and develop relevant policies, procedures, and runbooks to address emerging and changing threats.
Responsible for IT security incident response and ensuring security incidents are logged, escalated, and responded to in line with SLAs defined for SOC services.
Act as the primary point of contact for security-related incidents, invoke CSIRT for critical incidents and engage DFIR partner as and when required.
For major incidents provide central oversight and communication to IT Leadership, Business Leadership, and relevant external stakeholders on security risk and mitigation strategies.
Monitor the Managed Security Service Provider (MSSP) and identify any areas of improvement by producing relevant KPIs and metrics. Report to Senior IT Management with recommendations on how to improve services.
Work closely with MSSP and internal stakeholders to ensure the effectiveness of SIEM, use cases, consistency and coverage of the critical platform monitoring under SOC, and timely closure of the security incidents.
Manage the interaction between MSSP and internal tech/operations teams and ensure a smooth flow of incident tickets and remediation activities.
Develop clear and concise operational reporting metrics including KRIs (key risk indicators) for technical teams and senior management reporting.
Develop and maintain incident response plans and ensure they are regularly tested and updated.
Stay up to date on the latest security regulations, advisories, alerts, and vulnerabilities and communicate to the technical and business stakeholders as necessary.
Lead and own vulnerability management covering the end-to-end lifecycle (identification, investigation, response, and remediation). Develop and maintain vulnerability management process, and SLAs for remediation and reporting metrics.
Work closely with MSSP’s vulnerability management team, internal tech service owners and product managers to ensure any vulnerabilities are assigned and remediated in a timely manner.
Oversight, planning and execution of any required VAPT tests, forensic audits, or related investigations.
Build and maintain a positive working relationship with the service providers.
What you’ll need to succeed:
Bachelor's or master's degree in computer science or a related discipline
Achieved one or more information security certifications (e.g., GSOC, CISSP, CISM, cloud security certifications, etc.)
5-8 years or more of experience working in multiple IT security domains in a large organization, preferably in the retail industry
3 years or more of experience managing security operations and working with security service providers.
Strong knowledge and experience of implementing security automation tools and techniques in a hybrid, multi-cloud environment.
Strong understanding of security risk management and experience writing up security risks identified from security incidents and vulnerability management.
Solid understanding of security threat management frameworks and attack/defense techniques, including MITRE ATT&CK and OWASP.
Practical knowledge of security defense techniques for E-Commerce web and mobile applications, cloud platforms, network infrastructure, end user computing and APIs.
Ability to explain complex technical concepts and operational data / reports (e.g. incident and vulnerability remediation trends) to non-technical audiences, combined with excellent communication, presentation and organizational skills.
Knowledge of security and privacy standards and frameworks including ISO 27001, PCI DSS, GDPR etc.
Demonstrably self-motivated, proactive and action-oriented in meeting deadlines.