Job Description
7 days ago
A licensed virtual bank in Hong Kong
Location
Hong Kong
Report to
Chief Information Security Officer
Job Summary
• Improve cyber defence capability.
• Improve security monitoring capability.
• Improve security incident response capability.
Responsibilities
Anomalous activity and cyber incident detection
• Manage the anomalous activity detection process.
• Assess the monitoring needs and define the monitoring scope and approach.
• Work closely with Security Operation Center to ensure that the monitoring processes are effective.
• Oversee and monitor the activities performed by the Security Operation Center.
• Monitor security events reported to ensure that all events are properly handled.
• Respond to security events escalated from the Security Operation Center and work with the relevant parties to investigate and respond when needed.
• Develop relevant information security metrics to monitor the bank's information security posture and translate them into meaningful insights for the senior management.
Cyber incident response and management
• Manage security incidents and develop response plans and playbooks for various attacks and security events.
• Oversee and monitor security incidents to ensure that all incidents identified are managed according to the incident management procedure and response plans.
• Ensure escalation and reporting processes are in place and followed.
• Perform analysis to assess incident impact and determine whether the involvement of external investigators or forensic analysis is required to support incident investigation.
• Work with external investigators on forensic analysis during cyber and information security incidents.
• Drive the bank's regular incident response drill exercises for responding to cyber and information security incidents.
Threat monitoring and analysis
• Monitor threat intelligence from various sources to discover emerging cyber threats affecting the bank and customers.
• Perform threat analysis and identify potential security controls or remediation and other security improvements in response to the threats.
• Perform threat hunting, leveraging available indicators of compromise, to identify potential threats that are lurking undetected.
• Share threat intelligence and collaborate with 3rd parties and industry peers.
• Manage the threat and vulnerability management program.
Requirements
• At least 7 years of experience in information & cyber security from either the banking and finance industry or security consulting with primary focus on Incident Response or Intrusion Detection.
• Solid understanding of incident response, threat modeling and common attack vectors, adversary tactics, techniques & procedures, and the MITRE ATT&CK framework.
• Hands-on experience in using Splunk Enterprise Security, analyzing security logs & network traffic, and identifying and investigating security incidents.
• Prior experience in malware analysis, virus exploitation and mitigation techniques, and digital forensics.
• Understanding of network, desktop and server technologies, network intrusion methods, network containment, segregation techniques, IDS and IPS.
• Degree holder majoring in Computer Science or a related field.
• Relevant certification in information security (e.g., CISSP, CISA or CISM).