Cyber Security Operations Lead IAM

About Us

BACB is a UK bank that offers trade finance and complementary products to clients in specialist markets, especially Africa and the Middle East.

We have been helping businesses with trade finance and complementary products for over half a century, focusing on trade flows to and from Africa and the Middle East as well as real estate in the UK.

Our in-depth knowledge of the countries and practices where our clients operate ensures that we put them first.

Additional Info

• Hybrid Working: 3 days onsite, 2 from home
• Location: City of London
• Contract Type: 6 month contract

Job Summary

As a Cyber Security Lead within our SOC, focusing on threat intelligence and Identity and Access management, the incumbent will play a pivotal role in managing the Security Operations Centre (SOC), ensuring effective threat detection, incident response, and continuous improvement of security measures.

Key Work Outputs and Accountabilities

SOC Management:

• Lead deployment and daily operations of the SOC, including security events monitoring, detection, and response.
• Ensure adequate coverage and effective response to emerging threats and security events.

Threat Intelligence:

• Collect and analyse information from various sources to identify potential and existing cyber threats targeting the organization.
• Assess the credibility, severity, and potential impact of identified threats, providing actionable intelligence to inform security measures.
• Manage threat intelligence gathering and analysis to proactively identify risks and vulnerabilities.

Incident Response:

• Oversee incident response processes, ensuring timely and effective resolution of security incidents.
• Lead the creation of incident playbooks, ensuring these are regularly updated with any people, process or technology changes.
• Create formal incident reports and conduct post-incident reviews. Track the lessons learned implementation to improve response strategies.
• Provide threat intelligence and vulnerability management support during security incidents, helping to identify threat actors, tactics, techniques, and procedures (TTPs).

Identity and Access management (IAM):

• Ensure all access is managed according to the organisation's Identity and Access Management policy.
• Conduct periodic access reviews as well as thorough technical assessments across the organization's identity referential using tools such as Purple Knight, Ping Castle or equivalent.
• Analyse IAM issues, determine their potential impact, and recommend strategies for risk prevention.

SOC Management:

• Lead deployment and daily operations of the SOC, including security events monitoring, detection, and response.
• Ensure adequate coverage and effective response to emerging threats and security events.

Threat Intelligence:

• Collect and analyse information from various sources to identify potential and existing cyber threats targeting the organization.
• Assess the credibility, severity, and potential impact of identified threats, providing actionable intelligence to inform security measures.
• Manage threat intelligence gathering and analysis to proactively identify risks and vulnerabilities.

Incident Response:

• Oversee incident response processes, ensuring timely and effective resolution of security incidents.
• Lead the creation of incident playbooks, ensuring these are regularly updated with any people, process or technology changes.
• Create formal incident reports and conduct post-incident reviews. Track the lessons learned implementation to improve response strategies.
• Provide threat intelligence and vulnerability management support during security incidents, helping to identify threat actors, tactics, techniques, and procedures (TTPs).

Identity and Access management (IAM):

• Ensure all access is managed according to the organisation's Identity and Access Management policy.
• Conduct periodic access reviews as well as thorough technical assessments across the organization's identity referential using tools such as Purple Knight, Ping Castle or equivalent.
• Analyse IAM issues, determine their potential impact, and recommend strategies for risk prevention.

Security Tools Management:

• Supervise the deployment, configuration, and operation of security tools (e.g., SIEM, IDS/IPS).
• Oversee the email, local network and web traffic security using Mimecast, Clearpass and Zscaler toolsets.
• Ensure tools are optimized to detect threats while minimizing false positives.

Collaboration:

• Work closely with cross-functional teams, including incident responders and system administrators, to contain and remediate security incidents as well as vulnerabilities.

Documentation:

• Ensure that organisations IAM and Incident Management process documents are kept up to date and adequately aligned with the overarching cyber policy and risk requirements.
• Maintain detailed records of incidents and IAM reviews, including analysis, response actions, and lessons learned, to continually improve SOC and IAM processes.

Required Qualifications and Experience

Educational Background: Bachelor's degree in computer science, Information Technology, or a related field.

Experience: 3+ years of experience in vulnerability management, information security, or a related role.

Technical Proficiency: Advanced knowledge of cybersecurity tools and technologies, such as:

• Identity and Access Management tools and platforms (e.g. Microsoft AD, Entra, PAM360, Purple Knight, Ping Castle)
• SIEM (e.g., Splunk, QRadar, Arctic Wolf and Dark Trace)
• Threat intelligence platforms (e.g., Recorded Future, Mandiant)
• Strong understanding of cyber threat intelligence, attack vectors, and mitigation techniques.
• Firewalls, IDS/IPS, and DLP solutions
• Email, Network Access Control and Web traffic security tools (Mimecast, Clearpass, Zscaler etc)
• Proficiency in incident response frameworks, such as SANS or NIST.

Certifications: Relevant certifications such as CISSP, CEH, or CompTIA Security+ are preferred.

Analytical Skills: Ability to analyse complex data sets to identify and mitigate security threats.

Communication Skills: Strong verbal and written communication skills to effectively collaborate with cross-functional teams and convey security concepts to non-technical team members.

Locations London Remote status Hybrid