Reporting to the Head of Information Security Cyber Defense Operations, the Forensics & Threat Intelligence Manager manages the activities and teams related to threat identification, collection, analysis and reporting.
The employee works within Information Security and collaborates with departments including IT and various businesses across ADIB to accurately depict the threat landscape to assist in the protection of ADIB information assets and reputation.
The employee identifies threat root causes and develops corrective and preventive measures. The employee works closely with information security analysts and managers to protect ADIB’s brand, data, and systems.
Key accountabilities of the role:
Establish Threat Intelligence and Advanced Forensics capability in ADIB
Experience of performing computer forensic analysis in support of litigation and/or investigation.
Experience in conducting data breach or security incident investigations.
Manage the Threat Intelligence Unit's day-to-day operations
Experience using forensic software applications (EnCase, MacQuisition, Nuix, FTK, Axiom, Cellebrite and XRY) and techniques to capture electronic data from computers, external media, networks, cloud-based systems and mobile data devices.
Provide expertise and oversight to the Threat Intelligence Unit
Perform digital investigations, digital forensics and information-related fraud investigations.
Set up and manage the digital forensics and data analytics lab to enhance the Group's internal capability to investigate information security incidents in an effective manner.
Provide technical support for investigations across the Group
Develop countermeasures and recommend corrective actions designed to ensure incidents will not reoccur
Encourage teamwork and align work processes to achieve high performance, meet established targets, and engage employees.
Identify additional systems that were impacted by incidents, isolate the impacted systems and devices, recover the data, and create a digital copy of it.
Provide career management and training for Threat Intelligence Unit's staff
Develop and refine priority intelligence requirements across the businesses to drive collection, processing, analysis and dissemination of cyber threat information
Develop close working partnerships with information security managers and heads to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks
Develop industry contacts and relationships to enhance intelligence sharing and best practices
Monitor information sources to proactively identify threats on networks, systems and intellectual property
Oversee threat analysis activities including current and emerging threat research, campaign assessment, data collection and analysis, threat indicator cataloging as well as adding context to threat indicators to convey urgency, severity, and credibility
Provide input to the investigation, research, identification, and compilation of threat intelligence from internal and external sources
Manage the catalogue of intelligence products for a diverse stakeholder audience to include tactical and strategic reports, and threat briefings
Ensure the alignment with UAE Bank Federation Information Security Threat Intelligence collaboration
Provide both technical and executive level intelligence briefings/presentations
Ensure that knowledge of tools and best practices in threat intelligence techniques and procedures is applied
Follow-up on the legal and ethical considerations arising from conducting intelligence-led investigations and engagements
Provide guidance in the development and maintenance of Standard Operating Procedures and similar documentation
Ensure quality of intelligence products by managing and reviewing threat intelligence sources, analysis activities, and reports
Identify improvement areas, socialize them with relevant stakeholders, seek approval, and monitor their implementation
Respond to high-priority requests for information/intelligence from senior stakeholders.
Manage the analysis of evidence and conduct a deep dive investigation of security incidents and events to identify incident root causes, actors, attack vector and attack methodology while maintaining a documented chain of evidence
Generate timely incident investigation reports and document them in the periodical management record
Specialist skills/ technical knowledge required for this role:
Strong interpersonal, verbal, written and presentation skills
Ability to communicate technical subject matter to a variety of technical and non-technical stakeholders
Deep expertise with security technologies, processes and systems/applications
Strong experience utilizing OSINT and proprietary intelligence
Strong knowledge of banking processes and modus operandi
Expert-level understanding of the intelligence cycle, cyber kill chain, analytical tradecraft, threat modeling, and threat research methodologies
Expertise in the threat intelligence lifecycle and in cyber threat visualization tools
Knowledge of ISO 27001, NESA, PCI DSS, SWIFT and other information security standards and regulations
Strong knowledge of the Cyber Kill Chain, Diamond Model of Intrusion Analysis, or other relevant network defense and intelligence frameworks
Bachelor’s degree or master’s degree in engineering, IT, or any related technical discipline
Professional certification such as Network+, Security+, GSEC, CEH
Professional certifications such as Certified Computer Examiner (CCE - ISFCE), EnCase Certified Examiner (EnCE - Guidance Software), AccessData Certified Examiner (ACE - AccessData; FTK 6) and Licensed Penetration Tester (LPT - EC-Council USA)
Previous Experience:
More than 8 years of experience in managing threat intelligence activities in large international banks or financial institutions
Experience in performing digital forensics and information security investigations
Experience managing a team of threat intelligence analysts and investigators
Experience in analyzing threat actor tactics, techniques, and procedures
Executive experience including management-level discussions