Lead Consultant - SOC Advisory

Job Purpose

To guide and advise customers on building SOC related services from scratch or assist in improving existing services. To assess the maturity and capability of services in scope and propose improvements. Closely working with other SOC teams, and assisting them in achieving their goals. To work closely with the rest of the Advisory team and exchange knowledge and experience.

Job Responsibilities

Key Focus Areas

Key Activities

Key Responsibilities

• Deliver high-level strategy and executive advisory services.
• Lead client engagements in security advisory at the highest strategic level.
• Establish and align business principles and objectives to the long-term security operational vision by applying tactical guidance for various information security operating models.
• Perform SOC maturity assessments and build precise roadmaps based on the goals and objectives of the organization.
• Provide clients with guidance during the Initial Operating Capability (IOC) through full operational capability (FOC) covering key aspects of SOC domains such as business, process, governance, technology, people, and services.
• Create and build on the concept of operations (ConOps) in the pre-work stages that strategically prepares the client for successful implementation of security technology and operations.
• Assist clients with recommendations in different advisory stages, such as creating security operations strategy (SOC Charter), developing training programs, assisting with use case framework implementation, developing standard operating procedures, and applying service/integrated frameworks.
• Possess the ability to identify the client's problems and use common consulting management skills such as facilitation, gap analysis, interviewing, and engaging in multiple workshops with key stakeholders.
• Collaborate with clients to define services and build technology strategies as part of the build, plan, and design phases of security operations.
• Perform as a subject matter expert (SME) in strategy conversations with c-level panels to provide exceptional IT/OT/Cloud/Physical security, compliance, regulations, and industry best practices that promote the overall mission and vision of the organization.
• Maintain a good understanding of security trends and methods for pinpointing cyber and physical security solutions that fit the client's business, financial, and technological objectives.
• Identify, build, and create cyber solutions to address security issues, perform security operations content reviews, draw conclusions, and develop strategic guidance.
• Assess and develop the current security operation effectiveness by reviewing operating procedures, workflows, policies, frameworks, and operational reporting.
• Consistently contribute towards industry-specific offerings/professional security forums/internal departmental blogs/publications/develop thought leadership.
• Contribute to the proposal process for SOC Advisory services while collaborating with other internal group members to solidify the sales pitch approach.
  
  

Characteristics

• Exceptional planning, organizational, and presentation skills.
• Ability to handle high levels of stress.
• Strong people management skills with great attention to detail.
• Good communication/interpersonal skills, with the ability to influence decision-making.
• Resilient, able to work independently and effectively under pressure, manage diverse and competing workloads ensuring deadlines are met.
• Strong understanding of the overall vision, mission, and key objectives of the organization.
  
  

AOR (Any Other Responsibilities)

Any other responsibilities as required by the Line Manager

Job Specifications

Skills/Certifications (Technical & Non-Technical)

• Agile PM
• PMP
• CISSP, CISM, CISA, GIAC SOC and Cybersecurity vendor related certificates
• ISO9001:2015 Lead Auditor
• ISO27001 Lead Implementor/Auditor
• Cloud security related certification (Azure/AWS)
• OT security experience is a plus
  
  

Minimum Work Experience

• 12+ years of extensive IT Security / IT Consultancy/client-facing roles related to SOC/Security operations projects (Cybersecurity Managers, IT Security Engineers, Security Analysts, Senior/Principal Security Analysts)
• Experience in SOC strategy, roadmap and documentation development, adapted to client organization (Services catalogue, Security Incident Response management plan, playbooks)
• Possess the ability to support the vision and mission of any organization's security program.
• Retained proficiency in delivering high-quality and high-level strategic and advisory services.
• Possesses certifications related to enterprise information security frameworks and/or compliance, regulation-type frameworks.
• Experience in understanding complex activities and relationships quickly, assessing business and delivery risks, and communicate them effectively.
• Experience in implementation/audit of NIST, MITRE ATT&CK/Defend and similar Cybersecurity Frameworks and Standards
• Experience in implementation/audit of US, EU, UAE privacy related frameworks/standards Minimum five years of experience in Information and Cyber Security.
• Minimum three years of experience in Information and Cyber Security Incident management.
• Minimum three years of experience in managing a SOC team.
• Minimum four years of experience with SIEM technologies
  
  

Education

Bachelor of Business, IT/Software Engineering or Computer Science.