NTT is a leading global IT solutions and services organisation that brings together people, data and things to create a better and more sustainable future.

In today's 'iNTTerconnected' world, connections matter more now than ever. By bringing together talented people, world-class technology partners and emerging innovators, we help our clients solve some of the world's most significant technological, business and societal challenges.

With people at the heart of our success, NTT is committed to attracting and growing the best talent and providing an environment where everyone feels they can belong and their contribution matters.

Want to be a part of our team?

The Manager: Security Incident and Vulnerability Management is a senior role responsible for overseeing and leading an aspect of NTT's information security services.

The Security Incident Manager is the leader and coordinator of the CSIRT function within NTT ANZ. They are responsible for overseeing the entire incident response process, from identification and containment to recovery and improvement. They also communicate with senior management, stakeholders, and external parties, such as law enforcement or regulators, as needed.

The Security Incident Manager requires strong leadership, communication, and decision-making skills, as well as a broad knowledge of our clients' IT environments, policies, and procedures.

Working at NTT

Key Roles and Responsibilities:
- Being the central point of contact to drive all in scope cyber incidents to resolution
- Being the primary point of contact and coordinating NTT's response to client-managed incidents managed by the CSIRT Team
- Create and present incident reports
- Keep key stakeholders up to date on incident status through regular updates
- Oversee all aspects of incident management process from evaluation to resolution
- Maintain daily communication with analyst team
- Drive incidents to a conclusion based on SLAs and criticality level
- Coordinate the activities of analysts and parties external to the CSIRT Team involved in incident response
- Define improvements to incident playbooks
- Prepare weekly and monthly incident status reports
- Monitor intelligence sources to maintain situational awareness of the cyber threat landscape
- Familiarity with risk management and controls frameworks, the cyber kill chain and the NIST incident response life cycle
- Experience in managing cyber incidents, ideally in an outsourced SOC
- Proven experience in security operations and monitoring
- Working knowledge of SIEM architecture
- Working knowledge of Microsoft Sentinel, Splunk, Elastic Stack, or industry equivalent at a user level
- Being able to work with a diverse set of stakeholders within NTT and our clients, from technical through board level
- Strong report writing and communication skills
- Strong written and verbal communication in English
- Understanding crisis management, business continuity and disaster recovery procedures
- Ability to understand technical topics when dealing with technical teams, and to explain and present them to management-level executives
- Being able to handle multiple competing priorities in a fast-paced environment and drive high-priority tasks to a resolution
- Relevant certifications such as GCIH, CISM
- Understanding of security governance, risk and compliance
- Familiarity with related publications such as: NIST 800-61 (incident handling), NIST 800-30 (risk assessment), NIST 800-52 (controls)
- Ideally with current AGSVA clearance or ability to obtain one