Cyber Security Incident Response Manager

BAT is evolving at pace – truly like no other organisation.

To achieve the ambition, we have set for ourselves, we are looking for colleagues who are ready to live our ethos every day. Come be a part of this journey!

SENIORITY LEVEL: Senior Level

FUNCTION: DBS / IDT

SALARY RANGE: competitive salary + excellent benefits + market leading bonus

LOCATION: Warsaw, Poland

ROLE POSITIONING AND OBJECTIVES

With the growing coverage of Security Operations Centre (SOC) and increasing the numbers of systems under monitoring,  the number of incidents to manage and resolve is expected to grow. Further, Phishing attempts and attacks are on the raise and many of those require in depts investigation and immediate action to contain the risk.

The role is responsible for providing coverage for all DBS security incidents during normal PL business hours as part of the Global BAT IDT Security Incident response team (supporting KL, UK, Poland & USA)

Reports to: Head of Cyber Incident Resp & Continuity

Reporting Level: Individual Contributor

Geographic Scope: Global

WHAT YOU WILL BE ACCOUNTABLE FOR

• Detecting and analyzing IT security threats, including intelligence-led threat hunting, which might include activities such as malware analysis, and creation of rulesets;
• Developing the team’s capabilities by developing or integrating tools or systems that can be used for analyzing evidence during an incident.
• During an incident, responsible for, Evidence collection, Digital forensic analysis; and Eradication, Containment, and Recovery activities.
• Conducting Post Incident Response reviews to improve controls and to ensure the Information Security plan is updated to reflect
• Leading the Vulnerability Management and Phishing Teams
• Help with procedure for internally reporting and tracking IT security incidents, ensuring that incident response and escalation procedures are followed; inform all employees, contractors, and third-party users of their responsibility to report IT security incidents.
• Participate and/or oversee in the investigation and management of information security events, incidents and policy violations; track to conclusion and lessons learnt / recommendations.
• Understand external and internal Cyber Threat Landscape and business agenda to be able to proactively point areas increased risk for security incidents,
• Enforce stated policy for the notification and reporting of incidents immediately upon discovery.
• Review the process(s) regularly, including in relation to its dependencies (SIEM, IT incident management, IT Major Incident Management, Crisis Management); suggest and oversee implementation of improvements.
• Provide technical expertise in security hardening method/setting to protect IT systems from infiltration and ability to determine how an IT system was broken into or recover lost files
• Work with law enforcement agency to analyze data and evaluate its relevance to the case under investigation and ensure the evidence are preserved and transfer into a format that can be used for legal purposes (i.e. criminal trials) and potentially testify in court themselves

CAN THIS BE YOUR FUTURE ROLE?

• Have you managed a cyber security incident end to end?
• What forensic analyses tools are you comfortable with?

ESSENTIAL EXPERIENCE, SKILLS AND KNOWLEDGE

• Education: Bachelor’s degree in computer science or information technology preferred;
• 5 or more years of progressive information security and IT experience;
• Experience in data recovery techniques such as recovery of data like documents, photos and e-mails from computer hard drives and other data storage devices, such as zip and flash drives, that have been deleted, damaged or otherwise manipulated;
• Experienced in examination of computers that may have been involved in other types of crime to find evidence of illegal activity; Expertise in hacking and intrusion techniques and prior experience with security testing and computer system diagnostics;
• Intimate and up to date knowledge and experience of world class IT Security methods and best practice;
• Familiar with use forensic tools and investigative methods to find specific electronic data, and provision with technical skills to hunt for files and information that have been hidden, deleted or lost;
• Experience of working in a complex geographical/functional matrix organization; Skills in relationship management and influencing at all levels of the organization;
• Extensive experience in IT related positions, with experience in managing teams and technical expert.

BENEFICIAL

• Vulnerability Management Experience
• Professional certification in IT Security or Forensic preferred – e.g. CFCE, CHFI, GCIH, GCFA or GCIA etc.;

WE ARE BAT

At BAT we are committed to our Purpose of creating A Better Tomorrow. This is what drives our people and our passion for innovation. See what is possible for you at BAT.

• Global Top Employer with 53,000 BAT people across more than 180 markets
• Brands sold in over 200 markets, made in 44 factories in 42 countries
• Newly established Tech Hubs building world-class capabilities for innovation in 4 strategic locations
• Diversity leader in the Financial Times and International Women’s Day Best Practice winner
• Seal Award winner – one of 50 most sustainable companies

BELONGING, ACHIEVING, TOGETHER

Collaboration, diversity and teamwork underpin everything we do here at BAT. We know that collaborating with colleagues from different backgrounds is what makes us stronger and best prepared to meet our business goals. Come bring your difference!