Incident Response Manager

Role       : Incident Response Manager

Location : Abu Dhabi

Role Purpose:

The Incident Response Manager will lead the Cyber Security Incident Response unit, overseeing its day-to-day operations and managing the SOC shifts. This role requires collaboration with various internal teams and departments, as well as external partners and cybersecurity agencies, to ensure an effective and timely response to all security incidents. The manager must demonstrate strong leadership skills, encourage teamwork, optimize team performance, and develop incident response strategies. Additionally, this position demands hands-on expertise in handling complex L3 security incidents from detection to disposition, including leveraging AI-driven threat detection and automated incident response tools. The role also requires strong crisis management and stakeholder communication skills to effectively coordinate during high-impact security events.
    
Key Accountabilities of the role      

Leadership and Strategy:

• Lead the Cyber Security Incident Response unit, managing both the day-to-day operations and the strategic development of incident response capabilities.
• Develop, oversee, and refine incident response plans, playbooks, and strategies to ensure rapid and effective response to security breaches.
• Maintain and enhance information security monitoring processes, tools, and technologies, driving continuous improvements and reducing gaps between current and ideal states.
• Demonstrate adaptability and innovation to address evolving threat landscapes, continuously enhancing the response approach.

• Directly handle L3 security incidents, overseeing their detection, analysis, containment, and resolution.
• Supervise the staff’s utilization of security monitoring tools and ensure high levels of team performance and engagement.
• Coordinate with threat intelligence, monitoring teams, and other security functions to effectively communicate incident findings to leadership and relevant stakeholders
• Implement and maintain robust incident response frameworks, including industry standards such as NIST, MITRE ATT&CK, and best practices for coordinated response efforts.
• Prepare and present post-incident reports, including lessons learned and recommendations for preventive measures, to executive management.
• Experience in crisis management and business continuity planning.

• Manage SOC shift schedules to ensure 24/7 coverage and effective resource utilization.
• Provide detailed reports on incident investigations, root cause analyses, and mitigation strategies, contributing to the organization’s continuous improvement efforts.
• Develop and track key performance metrics for incident management and response, reporting outcomes to senior management.
• Maintain strong relationships with internal and external stakeholders to support the incident, problem, and change management cycles.
• Facilitate effective communication during incidents, ensuring that stakeholders are informed of progress and resolution steps.

• Proven experience in managing security operations centers and incident response teams.
• Demonstrated capability in hands-on management of L3 security incidents from detection through to disposition.
• Strong leadership skills with the ability to motivate and guide teams.
• Expertise in information security principles, the cyber threat landscape, and incident response protocols.
• Excellent communication and interpersonal skills to interact with various business units and IT departments.
• Knowledge of ISO 27001, NESA, PCI DSS, SWIFT, and other information security standards and regulations.
• Familiarity with incident response frameworks (NIST, MITRE ATT&CK) and best practices in managing cybersecurity incidents.
• Ability to manage multiple tasks with high attention to detail and organizational skills.
• Bachelor’s degree in engineering, IT, or a related technical discipline.
• Relevant certifications in cybersecurity and incident management (e.g., CISSP, CISM, GCFA, GCIH).