Incident Response Lead Analyst

Job Description

Role Description The Cybersecurity Incident Management and Response Team is responsible for effectively and efficiently managing all information and cybersecurity incidents across the Group on a 24x7 basis. This function is structured into two primary missions: Incident Management: Coordinating and orchestrating the global technical response to cybersecurity incidents, and ensuring timely, effective communication to Global Business and Functional stakeholders, Senior Executive Leadership, and relevant regulatory bodies. Incident Response: Conducting technical and forensic investigations arising from threat intelligence, security testing, and user-reported incidents. The goal is to effectively contain, mitigate, and remediate both active and potential attacks. Key Responsibilities Lead and perform technical and forensic investigations into global cybersecurity events, ensuring timely threat identification and mitigation. Conduct post-incident reviews to assess the effectiveness of controls and response capabilities; drive improvements where necessary. Deliver forensic services including evidence collection, processing, preservation, analysis, and presentation. Stay updated on emerging technology trends and cybersecurity best practices to provide guidance to business and IT functions. Collaborate with Global Cybersecurity Operations (GCO) and business teams to develop and maintain effective incident response playbooks. Contribute to the creation and enhancement of detection mechanisms (use cases) and security automation workflows. Define and refine detailed processes and procedures for managing cybersecurity events. Enhance technical capabilities of security platforms and incident response tools. Support the development of the team?s capabilities, including training and mentoring junior team members. Promote a culture of transparency and continuous improvement by identifying and addressing weaknesses in people, processes, and technology. Drive self-improvement and maintain subject matter expertise in cybersecurity. Engage with global stakeholders to improve cybersecurity awareness and communicate the impact of cybersecurity initiatives. Generate and present management information and incident reports tailored for various audiences, supported by data and expert analysis. Required Skills & Competencies Strong understanding of cybersecurity incident management and investigation techniques. Hands-on experience with IDS/IPS systems, TCP/IP protocols, and common attack vectors. Ability to independently analyze complex problems and determine root causes. Effective communication skills with the ability to convey technical issues clearly to both technical and non-technical audiences. Sound decision-making abilities under pressure, with a focus on risk mitigation and operational resilience. Strong collaboration and stakeholder engagement skills across diverse teams. High level of integrity, urgency, and personal accountability. Demonstrated ethical conduct and commitment to organizational values. Knowledge of cybersecurity principles, global financial services, compliance requirements, and regulatory standards. Familiarity with industry frameworks and standards such as OWASP, ISO 27001/27002, PCI DSS, GLBA, FFIEC, CIS, and NIST. Experience in responding to advanced threats, including offensive security knowledge or experience with deception technologies (honeypots, tripwires, honey tokens, etc.). Preferred Technical Skills Cybersecurity Incident Management Intrusion Detection/Prevention Systems (IDS/IPS) TCP/IP Protocols and Network Analysis Forensics Tools and Techniques Security Automation & Orchestration Platforms Threat Intelligence Integration SIEM Tools (e.g., Splunk, QRadar, etc.) Skills Incident response,Forensic