
Forensics & Threat Intelligence Manager

Today 2025/07/04
Other Business Support Services

Job Description

Role: Forensics & Threat Intelligence Manager 


Location: Abu Dhabi


Role Purpose:


  • Reporting to Head of Information Security Cyber Defense Operations, the Forensics & Threat Intelligence Manager manages the activities and teams related to threat identification, collection, analysis and reporting. 
  • The employee works within Information Security and collaborates with departments including IT and various businesses across ADIB to accurately depict the threat landscape to assist in the protection of ADIB information assets and reputation.
  • The employee identifies threat root causes and develops corrective and preventive measures. The employee works closely with information security analysts and managers to protect ADIB’s brand, data, and systems.

Key accountabilities of the role:


  • Establish Threat Intelligence and Advanced Forensics capability in ADIB
  • Experience of performing computer forensic analysis in support of litigation and/or investigation.      
  • Experience in conducting data breach or security incident investigations.       
  • Manage the Threat Intelligence Unit's day-to-day operations 
  • Experience using forensic software applications (EnCase, MacQuisition, Nuix, FTK, Axiom, Cellebrite and XRY) and techniques to capture electronic data from computers, external media, networks, cloud-based systems and mobile data devices.
  • Provide expertise and oversight to the Threat Intelligence Unit          
  • Perform digital investigations, digital forensics and information-related fraud investigations.
  • Set up and manage the digital forensics and data analytics lab to enhance the Group's internal capability to investigate information security incidents in an effective manner.
  • Provide technical support for investigations across the Group
  • Develop countermeasures and recommend corrective actions designed to ensure incidents will not reoccur
  • Encourage teamwork and align work processes to achieve high performance, meet established targets, and engage employees.
  • Identify additional systems that were impacted by incidents, isolate the impacted systems and devices, recover the data, and create a digital copy of it.
  • Provide career management and training for Threat Intelligence Unit's staff
  • Develop and refine priority intelligence requirements across the businesses to drive collection, processing, analysis and dissemination of cyber threat information
  • Develop close working partnerships with information security managers and heads to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks
  • Develop industry contacts and relationships to enhance intelligence sharing and best practices
  • Monitor information sources to proactively identify threats on networks, systems and intellectual property
  • Oversee threat analysis activities including current and emerging threat research, campaign assessment, data collection and analysis, threat indicator cataloging as well as adding context to threat indicators to convey urgency, severity, and credibility
  • Provide input to the investigation, research, identification, and compilation of threat intelligence from internal and external sources
  • Manage the catalogue of intelligence products for a diverse stakeholder audience to include tactical and strategic reports, and threat briefings
  • Ensure the alignment with UAE Bank Federation Information Security Threat Intelligence collaboration
  • Provide both technical and executive-level intelligence briefings/presentations
  • Ensure that knowledge of tools and best practices in threat intelligence techniques and procedures is applied
  • Follow-up on the legal and ethical considerations arising from conducting intelligence-led investigations and engagements
  • Provide guidance in the development and maintenance of Standard Operating Procedures and similar documentation
  • Ensure quality of intelligence products by managing and reviewing threat intelligence sources, analysis activities, and reports
  • Identify improvement areas, socialize them with relevant stakeholders, seek approval, and monitor their implementation
  • Respond to high-priority requests for information/intelligence from senior stakeholders.
  • Manage the analysis of evidence and conduct deep-dive investigations of security incidents and events to identify incident root causes, actors, attack vectors and attack methodology while maintaining a documented chain of evidence
  • Generate timely incident investigation reports and document them in periodical management records

Specialist skills/ technical knowledge required for this role:


  • Strong interpersonal, verbal, written and presentation skills
  • Ability to communicate technical subject matter to a variety of technical and non-technical stakeholders
  • Deep expertise with security technologies, processes and systems/applications
  • Strong experience utilizing OSINT and proprietary intelligence
  • Strong knowledge of banking processes and modus operandi
  • Expert-level understanding of the intelligence cycle, cyber kill chain, analytical tradecraft, threat modeling, and threat research methodologies
  • Expertise in the threat intelligence lifecycle and in cyber threat visualization tools
  • Knowledge of ISO 27001, NESA, PCI DSS, SWIFT and other information security standards and regulations
  • Strong knowledge of the Cyber Kill Chain, Diamond Model of Intrusion Analysis, or other relevant network defense and intelligence frameworks
  • Bachelor’s degree or master’s degree in engineering, IT, or any related technical discipline
  • Professional certification such as Network+, Security+, GSEC, CEH
  • Professional certifications such as Certified Computer Examiner (CCE - ISFCE), EnCase Certified Examiner (EnCE - Guidance Software), AccessData Certified Examiner (ACE - AccessData; FTK 6) and Licensed Penetration Tester (LPT - EC-Council USA)

Previous Experience:


  • More than 8 years of experience in managing threat intelligence activities in large international banks or financial institutions
  • Experience in performing digital forensics and information security investigations
  • Experience managing a team of threat intelligence analysts and investigators
  • Experience in analyzing threat actor tactics, techniques, and procedures
  • Executive experience including management-level discussions

