Senior Manager, Security Operations Centre (SOC) at Equity Bank Kenya

Role Purpose:

• The Senior Manager SOC will be responsible for the management of the Inhouse local SOC and the Offshore Outsourced SOC. (S)he will be responsible for management and supervision of a team of Security Analysts  and technical experts working in a 24x7 shift environment and the technical and process direction of the Security Operations Center, providing direction to the analysts as well as acting as a liaison to other teams within the Bank.
• The Security Operations Center is responsible for providing 24x7x365 continuous investigation of correlated security event feeds and the appropriate triage and escalation in case of an identified security incident. 
• The Security Operation Center is the primary contact for any suspected security incident and works together with the Incident Response teams on resolving incidents and remediating threats across the Bank.

Key Responsibilities:

• This is a management role responsible for managing the Security Operations Centre (in-house and Outsourced), detecting, responding to and managing security incidents to protect the Group’s Information assets.
• Formulate and develop the Security Operations Framework, including SOC processes, policies, and procedures. 
• Build, develop and manage a Security Operations Centre.
• Manage all day-to-day activities within the Security Operations Centre to ensure effective operation of threat detection and prevention.
• Provide leadership, guidance, and technical expertise in running a SOC.
• Ensure the Bank’s security detection, protection, response, and recovery procedures are up to date, tested, maintained, and followed.
• Be accountable for security incident management.
• Ensure proper integration and handover of new security services within the monitoring and detection capability of the SOC.
• Ensure continuous SOC services improvement.
• Set-out key security performance indicators that ensure proper service delivery and service improvements.
• Develop and maintain SOC-related policies, procedures, and processes to ensure all necessary information and security data is continuously being collected, correlated, and analyzed to detect potential external and internal threats to the organization.
• Develop metrics needed to communicate risk levels to the organization and articulate the value derived from the SOC Services to the Group.
• Develop and provide reports regularly to meet management, compliance or audit needs.
• Collaborate with relevant internal stakeholders, including security, Risk, Operations, IT, NOC, etc. to ensure appropriate security incident management and threat response processes are in place and maintained.
• Provide briefing to the business stakeholders regarding ongoing security incidents and threat Levels.

Qualifications

Role Requirements:

• Bachelor’s degree in information technology, Information Security/Assurance, Engineering or similar areas of study.
• Hold at least one relevant industry certification (GCIH, GCED, CISSP, CISA, CISM, etc.).
• Understanding of SIEM tools such as Splunk, ArcSight, RSA, McAfee ePO, etc.
• Experience building and maintaining a high-performance team of analysts.
• Expertise with industry standard frameworks (ISO, NIST, PCI).
• Experience maintaining metrics and SLAs.
• Minimum 5-7 years of Security leadership experience, with experience building long-term career development plans for team members at all levels.
• Experience in designing, implementing and measuring relevant security and technology management critical success factors, key performance indicators, and metrics.
• Ability to create shift schedules to ensure 24x7 coverage by support personnel.
• In-depth knowledge of modern security concepts and how to apply them.
• Experience in managing and maintaining relationships with the Bank, vendors, and customers.
• Knowledge of a few of the following: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM)