1. Leads the execution of a robust security monitoring, detection and incident and breach response strategy and operating model. Works with relevant stakeholders to ensure that the process is mutually understood, agreed, and responsibilities are clear and accepted.

2. Develops and implements processes to investigate, analyze and profile the structure and dynamics of a particular sector or group within the adversary community of interest to the IMF. This includes analysis and determination of the intent, operational and technical capabilities, tradecraft, and modus operandi of threat actors. Creates and keeps up to date a unique threat profile map specific to the IMF.

3. Develops and implements processes to investigate within information security policy provisions, all infrastructure and application intrusions and data theft by internal and external threat actors and threat vectors. Leads the implementation of the incident response capability through intelligence backed decisions in a dynamic threat environment. Develops and delivers management summaries and briefs on intrusions and intrusion attempts.

4. Supports the preparedness of IMF departments to respond to information security incidents. Participates in regular exercises to simulate incident scenarios to ensure the currency of incident response plans and capability, and incorporates lessons learned from realized security incidents.

5. Develops, leads, and supports a cyber threat intelligence capability including the collection, analysis, production, and dissemination of timely and actionable cyber threat intelligence to operational and business teams and an executive audience.

6. Supports IMF’s cybersecurity threat and vulnerability management program focusing on infrastructure, applications and IoT, with a goal to continually reducing the risk exposure of the IMF’s on-premise and multi-cloud environment within acceptable risk tolerances.

7. Works closely with Enterprise Architecture, Information Security Architecture and Cybersecurity Platform functions to ensure the co-development and implementation of security reference architectures and patterns for security monitoring, detection, automation, and orchestration in multi-cloud environments.

8. In close coordination with the Cybersecurity Platforms team, develops and implements the cybersecurity operations service management capability, including change, incident, and problem management according to established processes and procedures. Optimizes the cybersecurity operations service delivery processes and demonstrates measurable value by identifying opportunities for automation, standardization, and elimination of process waste.

9. Establishes professional relationships at technical and management levels with security product vendors and managed security service providers to manage contracted security services, and drive product functionality, break-fix, training, and service delivery improvements. Ensures that the overall services are delivered as expressed in the contract Statement of Work and related exhibits, that the service levels for outsourced services/functions are maintained and continually improved, and that any problems with the day-to-day delivery of services provided by the Supplier are minimized.

9. Manages administrative activities of threat intelligence and security operations including oversight of cybersecurity staff and vendors, recruitment of qualified analysts, shift management, technical training, budget management, monitoring non-compliance to security operations policies and procedures, and secure management of privileged access by analysts.

10. Ensures security operations analysts are equipped with the latest security intelligence from subscribed feeds and through partnerships with other IOs, intelligence communities, and external law enforcement agencies.

11. Carries out other duties as assigned.

Requirements:

Minimum Qualifications

Advanced degree in information security, computer science, engineering, mathematics, or related field of study plus a minimum of 8 years of progressive information security work experience; or a bachelor’s degree in information security, computer science, engineering, mathematics, or related field of study and minimum of 14 years of progressive information security work experience.

Additionally, below qualifications are sought after:

• Candidate must possess at least 2 of the certifications below. Having more than 2 is a plus CISSP, CISM, CCSP, CISA, CEH, Cloud Security Certifications, EnCE, CFE, GIAC certifications (GCIH, GCFE, GSOC, GDAT, GCTI, GWAPT, GPEN, GREM etc.) or equivalent.
• Hands-on technical experience in establishing and delivering services in the area of cyber threat management, security engineering, security monitoring, incident and breach response, digital forensics, and eDiscovery in on-prem and multi-cloud environments.
• Experience in leading vulnerability management and threat intelligence programs in organizations facing complex and sophisticated threats (external and internal). Experience working with cyber threat intelligence communities and information security focused ISACs.
• Experience in managing and developing in house and outsourced cyber teams.

Relationship Management Skills

• Ability to establish and maintain effective partnerships and working relations in a multi-cultural, multi-ethnic environment with sensibility and respect for diversity.
• Demonstrates ability to represent the department fully and successfully to internal and external audiences.

Work Management Skills

• Fulfills a more formal role in planning, organizing, and effectively completing large or complex team projects.
• Navigates through obstacles and challenges effectively and demonstrates commitment to deliver successful results.
• Ability to lead, guide and mentor a diversified team of information security experts.
• Ability to collaborate with IT and business colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.
• Ability to manage a broad portfolio of services; ability to balance multiple priorities and demands.
• Budget and cost management.
• Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
• Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
• Interpersonal skills that create openness and trust among colleagues.
• Facilitation and conflict management skills that enable effective working relationships.
• Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
• Pragmatic security expert with an inherent ability to balance security demands with business reality.