Job Overview
The Security Engineering Manager is responsible for leading IT security operations across IAM, infrastructure, and endpoints; overseeing managed security services (including monitoring, incident response, penetration testing, and red teaming); and driving the development of new security capabilities. The role requires at least 7+ years of experience in security or GRC, strong technical expertise, and proven leadership capabilities.
Key responsibilities
Security Operations Management
- Accountable for the security operations effectiveness in the following platforms: IAM, Group Infrastructure, and Group Endpoint Management.
- Define and maintain security operations baselines and standard operating environment (SOEs) for the above platforms.
- Oversee the IT Security Operations team to ensure day-to-day security operations follow the defined baselines and SOEs.
- Ensure security operations processes, risks, and controls are defined, documented, and adhered to relevant Group InfoSec standards.
- Define and track performance metrics for operational effectiveness.
Managed Services Oversight
- Accountable for managing services and its quality, including 24/7 security monitoring, incident response, and penetration testing. Ensure all security monitoring/ pen-test requests are managed by the Group through ISO's front door.
- Define and maintain service deliverable baselines and ensure managed services follow these baselines for consistent and quality deliverables.
- Establish SLAs and performance metrics to evaluate/ benchmark managed services. Define and maintain the list of preferred managed services through periodic evaluations.
Capability Development
- Research, evaluate, and develop new security capabilities, tools, and controls to enhance the Group's defense-in-depth strategy.
- Lead pilot projects and proofs-of-concept for innovative security solutions.
- Collaborate with architecture and risk teams to integrate new capabilities into existing infrastructure.
Requirements
- Bachelor's degree in computer science, cybersecurity, or related field.
- Proven experience (7+ years) in Information Security GRC or IT security operations, with at least 23 years in a managerial or leadership role.
- Strong knowledge of Azure AD or similar Identity Management platforms, network infrastructure, and endpoint security protection.
- Experience working with managed-security services and vendors.
- Hands-on expertise in security monitoring, incident response, penetration testing, and phishing simulation.
- Strong problem-solving, decision-making, and leadership skills.
- Excellent communication skills, with the ability to interact effectively across technical and business teams.
