Incident Response Lead Associate

Job Description

Interested in joining a team that is pivotal in protecting consumers and UK financial markets against cyber-crimeWe are looking for an Incident Response Lead Associate to join us!This role sits within the Counter Threat Unit (CTU) team of the C&IR department, which is responsible for cyber intelligence, Security monitoring and Incident Response.The team maintains comprehensive oversight of security monitoring and provides tactical awareness of the state of controls across the IT estate. This awareness is then used to provide intelligence on the risks to the estate that is used to direct remediationas well as oversee incident response activities. The role therefore requires cyber security and technical experience, allied with the ability to talk to senior management and manage suppliers of security services.The Cyber and Information Resilience (C&IR) department is responsible for the protection of the FCAs systems and data, including:

• Developing and maintaining relevant strategy, policy, and standards.
• Detection of and response to cyber incidents, as well as cyber threat intelligence collection, analysis and exploitation.
• Delivering cultural and behavioural change across the FCA to create a more secure organisation.
• Providing expert consultancy on security, privacy and information management for IT projects and the wider FCA, and delivering security, information management and data privacy improvement projects.
• Assurance that our systems and data are appropriately protected within the FCAs risk tolerance, through vulnerability management, security framework management and proactive testing.

What does the role involve

• Oversight of the monitoring, detection and response regime for cyber security incidents
• Management of outsourced Monitoring and Detection providers.
• Operational management of our EDR solution for the detection of and response to cyber-attacks.
• Lead on technical investigations as per business needs.
• Coordination with our Threat Intelligence provider and the internal team to appropriately exploit all cyber threat intelligence to focus detection and response efforts.
• Responsible for the guidelines and processes for monitoring, detection and incident response including ensuring that the necessary people are trained and prepared to respond when required.
• Continued development of our Incident Response framework, including the IR plan and Playbooks.
• Collaboration with our colleagues in IT and elsewhere to ensure a holistic approach to security incident management.
• Participating in the on-call rota for incidents out of hours.
• Providing IR metrics and reporting

Skills/Experience Required Minimum Were a signatory to the Governments Disability Confident scheme. This means that we will offer an interview to disabled candidates entering under the scheme, should they meet the minimum criteria for a role. A minimum criterion needs to be measurablefrom reviewing a candidates CV. Exceptions may apply if due to the volume of applications we are not able to interview all eligible candidates who qualify under the scheme.

• Experience of cyber intelligence analysis.
• Experience of SOC, security operations and incident response processes.

Essential

• Strong stakeholder management and communication skills
• Experience participating in incident response at a Strategic, Tactical and operational levels.
• Experience of vendor management and overseeing outsourced managed services in an onshore/offshore model.
• Experience in using EDR and SIEM technologies
• Knowledge of security technologies including: Firewall, IDS/IPS/HIDS, Anti-Virus, Vulnerability Scanning.
• Good understanding of Unix and Windows.
• Knowledge of Big Data principles and approaches in mining security data
• Experience in performing threat intelligence analysis at a strategic, tactical and operational level.

Desirable

• Knowledge of data privacy regulation, including the General Data Protection Regulations.
• Professional IT Accreditations (SANS, CISM, CISA, CISSP, M Inst ISP).
• Experience in Microsoft and AWS security solutions.

About the FCA The FCA is currently trialling a new hybrid way of working, requiring colleagues to spend 40% of their time in the office each month until the end of July. This trial period will allow us to identify the most appropriate balance of hybrid working, enablingus to benefit from the best of both working in an office environment and remotely.Useful Information:

• This is a permanent contract graded Lead Associate

The base salary range for this role is up to £87,000 (National) per annum, plus an additional flexible allowance.Core benefits that you will receive as standard are:

• 25 days holiday per year
• Private medical for yourself
• Pension contributions of at least 8% of basic salary each month (there are several contribution levels that increase depending on your age - up to 12% a month once you reach age 35).
• Life assurance of eight times your basic salary
• Income protection