About the job
As part of the Security Operations team, the Security Operations Manager role acts as the subject matter expert for specific operations security services defined in the security operations service catalogue. The manager is responsible for overseeing the technical delivery of supplier-provided Security Operations services, ensuring they meet agreed service level standards. This position involves daily management of information security operations, which includes monitoring, analysis, detection, and escalation of information security risks and threats.
Accountabilities
- Manage the technical delivery of security services by managed security service providers, including:
- Act as the focal point for CrowdStrike’s Falcon Complete, overseeing the relationship and ensuring sensor deployment and configuration are compliant across the Etihad environment.
- Manage incidents for Brand Protection with Izoologic, collaborating across all areas of Etihad.
- Coordinate with IBM for the delivery of Managed Security Services.
- Serve as the main contact for information security operational requests.
- Review supplier reports to ensure adherence to agreed Service Level Agreements (SLAs).
- Assess the effectiveness of security services for detecting, preventing, and responding to security incidents.
- Participate in the incident response team on a 24/7 rotation, managing all security-related incidents from Priority 1 to Priority 4.
- Ensure compliance with information security controls according to Etihad standards, policies, and regulatory requirements.
- Provide support for information security investigation requests and report on situational awareness.
- Confirm that security policies and controls are applied by all supported platforms from service providers.
- Manage and document security procedures and configurations with security service providers.
- Handle internal stakeholder management, reporting information to the Head of Cybersecurity and the Head of Technical Systems regarding escalations and resolution progress.
- Manage external stakeholder relationships, including engagement with account managers and delivery personnel from managed service providers.
Education & Experience
- In-depth knowledge and experience with endpoint detection and response systems (CrowdStrike preferred).
- Familiarity with Information Security Operations tools including SIEM, IDS/IPS, Endpoint security, IAM, Email Security, and DLP.
- Understanding of ISO27001, NIST, UAE government cybersecurity standards, and regulations regarding information security and data privacy.
- Proficiency in Service Management Operations principles like Incident Management, Vulnerability Management, and Change Management.
- Strong project management skills to execute works by security service providers and internal teams.
- Excellent written and oral communication skills are required.
- A graduate degree in Computer Science, Management Information Systems, or a related field is necessary; postgraduate education in Information Technology or Computer Science is preferred.
- Relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Global Information Security Assurance Professional (GIAC), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are advantageous.
About Etihad Airways
Etihad Airways, the national airline of the UAE, was established in 2003 and has become a prominent global airline, flying to various destinations worldwide. Based in Abu Dhabi, Etihad operates a vast network, including passenger and cargo services across multiple continents. The airline has received numerous awards for its services and products and has been recognized for its response to COVID-19, leading in crew vaccination efforts. Etihad is committed to addressing the climate crisis and actively pursues industry decarbonisation through partnerships with global aviation leaders.