Hong Leong Bank Berhad

Head of Cyber Defense, Group Tech

  • Posted a day ago

Job Description

Overview: The Head of Cyber Defense will establish, lead, and maintain the bank's unified operational security readiness across all business units and regional offices. Your mandate is to ensure world-class capability for threat detection, incident response, and continuous vulnerability assessment. This includes owning the regional Cyber Defense strategy, defining operational KPIs (like MTTR/MTTD), and enforcing strict adherence to regulatory standards across all security operations. This role reports to the Head of Security Management.

Responsibilities:

Operational:

  • Drive comprehensive threat detection by leveraging SOC, SIEM, and CTI platforms, including continuous optimization of use cases and performing security monitoring gap analysis to maximize detection coverage and reduce Mean Time to Detect (MTTD).
  • Lead the execution of security incident response activities, playbooks, and detailed investigations (including root cause analysis), ensuring strict SLA compliance to minimize impact and reduce Mean Time to Respond (MTTR).
  • Lead advanced threat hunting operations to proactively search for sophisticated threats (APTs, zero-days) and continuously refine methodologies, leveraging OSINT, dark web monitoring, and threat feeds to translate intelligence into actionable security measures across all defense platforms (firewall, IPS, EDR, SIEM).
  • Actively participate in and lead various security projects and assessments, contributing operational security expertise and insights, and remaining current with the latest cybersecurity threats, technologies, and regulations.
  • Participate in and respond to Audit and Compliance for Cyber Security / BNM and Internal Audit.

Technical:

  • Drive in-depth research to attribute cyber threats, identify threat actors, their motivations, and Tactics, Techniques, and Procedures (TTPs), and classify malware to assess global and geopolitical risks impacting the organization.
  • Develop and maintain threat profiles and Indicators of Compromise (IOCs), providing timely, actionable intelligence to support incident response, vulnerability management, and executive cyber risk awareness.
  • Lead the execution of complex network, web application, and social engineering penetration tests, ensuring the delivery of high-quality reports with professional documentation of findings and detailed remediation guidance.
  • Drive continuous service improvement, serve as the technical consultant for project scoping/proposals, and maintain cutting-edge knowledge of offensive techniques and industry best practices to share with and train the VAPT team.

Leadership:

  • Forge strong operational alliances with key internal stakeholders (SOC, IR, VAPT, CTI teams) and external entities (law enforcement, regulatory bodies, and industry peers) for rapid information sharing, threat intelligence gathering (OSINT/dark web), and collaborative incident response protocols.
  • Provide expert guidance and mentorship across the Cyber Defense teams (SOC/IR/CTI) to elevate skills in threat hunting, incident analysis, and remediation planning. Conduct targeted workshops to continuously refine playbooks and response capabilities.
  • Manage the performance, development, and wellbeing of a high-tempo operational team (SOC, IR, CTI). Focus on building team resilience, managing stress in crisis situations, and ensuring continuous staffing/skill development to maintain 24/7 defense readiness.
  • Own the relationships with executive leadership, the Group CITO, IT Risk, and business unit leaders to communicate the current threat posture, manage expectations during major incidents, present high-level risk reports, and secure the necessary resources for defense capabilities.

Skills & Experience We Are Looking For:

  • Bachelor's degree in Computer Science, Information Security, or a related field; equivalent practical experience will be considered.
  • Minimum of 8 years of experience in cybersecurity, with at least 5 years in a leadership role overseeing mission-critical operational functions (SOC, IR, CTI).
  • Proven experience leading and managing multi-functional teams (10-15 staff) within a high-tempo, 24/7 security operations environment.
  • Deep expertise in managing and optimizing platform controls (SIEM, EDR/XDR, Network Forensics tools) for detection and response.
  • Regulatory Compliance Expertise: Demonstrated experience managing compliance and audit requirements (RMIT, ISO 27001, SOC2, GDPR) specifically related to security operations and incident handling.
  • Strong knowledge of operational security frameworks: MITRE ATT&CK (for threat hunting/detection), NIST CSF/SP 800-61 (for Incident Response).
  • Proven hands-on experience in leading, coordinating, and resolving major security incidents, ensuring strict adherence to Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) SLAs.
  • CISSP, CISM, or equivalent high-level management certification.
  • Relevant operational certifications (e.g., GCIH, GCFA, Certified Threat Intelligence Analyst, CySA+).

For more job opportunities, please go to HLB Careers: https://hlb.wd3.myworkdayjobs.com/HLBCareers/

We appreciate your application and will be in touch with shortlisted candidates regarding next steps.

Job ID: 136233219