Kuala Lumpur, Federal Territory of Kuala Lumpur, MY, 50470
Cyber Defense Manager
The Cyber Defence Manager is responsible for leading the bank’s operational cybersecurity defence functions including threat detection, incident response, threat intelligence, and security monitoring. This role plays a critical part in protecting the bank’s digital infrastructure, customer data, and systems from internal and external cyber threats.
- Threat Monitoring & Detection: Oversee 24/7 SOC operations, ensuring threats are identified, triaged, and escalated appropriately across endpoints, network, cloud, and mobile.
- Cyber Incident Response Management: Lead and coordinate the full incident response lifecycle – including preparation, detection, containment, eradication, recovery, and lessons learned.
- Threat Intelligence Operations:
  - Manage intake and operationalization of threat intelligence from multiple sources including GSOC, FinTIP, regulators, and industry peers.
  - Ensure threat advisories are assessed, acted upon when relevant, and documented.
  - Provide timely, contextualized threat reporting to stakeholders, including near-miss analysis.
- Threat Landscape Reporting:
  - Regularly report on threat trends, top threats to the bank, and actions taken (e.g., IOC blocking, network rule updates).
  - Summarize threat exposure in a business-relevant format for executive and committee presentations.
- Vulnerability Coordination:
  - Collaborate with Infrastructure and Application teams to ensure vulnerabilities discovered through threat intel or incident investigations are addressed.
  - Work closely with the Vulnerability Management team on exploit intelligence and prioritization.
- Tooling & Optimization: Manage and tune tools such as SIEM (e.g., Sentinel), SOAR, EDR, and TIP to improve detection fidelity and response speed and to reduce false positives.
- Automation & Playbooks: Develop and maintain incident response playbooks and automate where feasible (via SOAR or scripts) to ensure consistent response actions.
- Threat Hunting: Coordinate proactive threat hunts based on emerging TTPs and internal threat scenarios. Ensure findings are documented and lessons are applied.
- Cyber Resilience Testing: Conduct or support cyber simulation exercises (e.g., Red Team, Purple Team, or tabletop drills) to evaluate readiness and response maturity.
- Collaboration: Act as the point of contact during active incidents and collaborate with stakeholders including Infra, Apps, Legal, Risk, and Comms.
- Regulatory & Audit Support: Support requests from regulators, internal audit, and external assessments by providing evidence of threat monitoring and incident response controls.
Job Requirements & Criteria:
Qualifications & Experience
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field. A Master’s degree or certifications (e.g., CISSP, GIAC GCIH, GIAC GCIA) are advantageous.
- Additional certifications in technical cybersecurity domains are a plus.
- 5 years of relevant experience in cybersecurity operations.
- Strong experience managing SOC operations and incident response processes.
- Familiarity with frameworks like MITRE ATT&CK, NIST CSF, or ISO 27001.
- Experience with banking or financial regulatory expectations (e.g., BNM RMiT, PCI DSS, MAS TRM) is a plus.
Technical Competencies
- Hands-on knowledge of SIEM (e.g., Sentinel, Splunk), SOAR, EDR/XDR, and DLP platforms.
- Solid understanding of network, endpoint, and cloud security monitoring techniques.
- Ability to analyse logs, packet captures, and malware samples (preferred).
- Familiarity with threat intel platforms (TIPs) and integration of threat data.
Soft Skills & Leadership
- Strong analytical, decision-making, and crisis management skills.
- Excellent communication skills – able to brief technical and non-technical stakeholders.
- Team leadership experience, including coaching and performance management.
- A proactive mindset and drive for operational excellence.
- Able to work independently on projects and drive them to closure against agreed objectives.