Head of Cyber Threat Intelligence

Job purpose

The Head of Cyber Threat Intelligence (CTI) is the primary security leader focused on effective end-to-end management and communication of the largest cyber threats to CLS Bank and the FX ecosystem. This role ensures that cyber threats are continuously evaluated for risk and impact to CLS Bank, its membership, third parties, infrastructure, and wider ecosystem.

The Head of Cyber Threat Intelligence will act as primary liaison to threat sharing forums, government agencies and industry partners to collect, share, analyze, and interpret security threats to determine the relevance and potential impact to CLS. Using threat insight gained through these channels and other sources, the CTI function will provide contextualized and actionable intelligence that informs CLS risk appetite, strategic security priorities, security assessment scope, and preventive and detective operational controls.

The role requires maintaining an understanding of security threats relevant to CLS business operations to inform the assessment of cyber risks and integrate cyber threat intelligence into all aspects of our security program.

Leadership

• Threat Management – Maintain and communicate top 5 threats and top 5 vulnerabilities to the company, providing actionable intelligence for security operations and cyber resilience management.
• Threat Hunting – Generate threat intelligence that informs proactive threat hunting efforts to identify advanced and persistent threats that may not be detected by traditional security measures.
• Stakeholder Engagement – Build and maintain relationships with senior executives, board members, and other key stakeholders to ensure support for CTI initiatives.
• External Collaboration – Establish partnerships and collaborations with external organizations, such as threat sharing forums, government agencies and industry partners.
• Strategic Reporting – Provide strategic threat intelligence reports and briefings to senior management and the board to inform decision-making.

Strategic

• Strategic Leadership – Provide strategic direction for the organization’s CTI program, aligning it with the overall cybersecurity and business goals.
• Program Development – Develop and enhance the organization’s CTI program, including the establishment of advanced processes and methodologies.
• Research and Development – Drive research and development efforts to create innovative tools and techniques for CTI analysis and threat mitigation.

Operational

• Team Management – Oversee and manage a team of CTI analysts, including recruitment, training, and performance evaluation.
• Integration with Security Operations – Collaborate closely with the Security Operations / SOC to ensure effective threat detection and response processes.
• Crisis Management – Provide CTI awareness and actionable intelligence in support of major cybersecurity incidents and coordination of efforts to contain and recover from such incidents.
• Vendor Management – Evaluate and manage relationships with third-party threat intelligence vendors and service providers.
• Continuous Evaluation – Stay current with the latest cybersecurity threats and trends. Share knowledge with the CTI team and other cybersecurity professionals.
• Continuous Learning – Ensure CTI program maintains continuous lessons learnt processes with all security functions and specific technology functions to ensure 360 feedback and improvement both to CTI and other areas.
• Policy and Standards – Develop and update cybersecurity policies, standards and procedures based on evolving threat intelligence.
• Budget Management – Advise CISO on budgetary requirement for CTI activities, ensuring cost-effective utilization of resources.
• Regulatory Compliance – Ensure compliance with relevant cybersecurity regulations and standards and proactively adapt to new compliance requirements.
• Mentorship – Mentor junior CTI staff and contribute to their professional development.

Knowledge, skills and abilities

• A minimum of 15 years of information security experience with at least 10 years of experience with all-source cyber intelligence and analysis
• Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources.
• Experience with cyber intelligence, computer network operations, information operations, information warfare, or cyber security topics
• Ability to communicate intelligence and analysis of cyber threats in various forms (written production; briefings) for a senior level audience.
• Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
• Familiarity with link-analysis methods and software (e.g., Maltego, Analyst Notebook)
• Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing cyber threats.
• Can apply a variety of cyber-related analytic models to identify, track and support analysis of cyber threat actors and events. Examples of these techniques include, but are not limited to Use of the Diamond Model, Kill Chain Methodology, F3EAD, MITRE ATT&CK Framework
• Considerable working knowledge in one or more of the following topics APT, Cybercriminals, financially motivated cyber groups, Hacktivism, DDoS attack methods, malware variants, Mobile and Emerging Threats, Social Engineering, Insider Threats
• Monitor, tune and develop technical IT Security controls and frameworks to ensure appropriate preparation, monitoring and response to threats.
• Broad network and technology awareness, with the ability to convey complex or technical topics in a clear and concise manner.
• Understanding of foundational principles of intelligence and incident response
• Ability to collaborate effectively with others to drive forward key security objectives.
• Strong documentation and report writing skills (to both technical and business audiences)
• Excellent time management and organizational skills combined with technical IT Security acumen.
• Financial and/or Banking industry experience preferred.

Qualifications / certifications

• Active TS/SCI clearance desired.
• Knowledge of the intelligence community, US Government, and federal cyber centers.
• S. in a technology discipline (Computer Science, Computer Engineering, Cybersecurity or equivalent)
• Industry recognized security qualification in cybersecurity (e.g. GCTI, GCFE, GCHI or equivalent)
• Industry recognized security qualification as a general security practitioner (e.g. CISSP, GSEC, GCED or equivalent)
• Knowledge of incident handling life cycle based on an established framework: ISO 27035, SANS, NIST SP 800-61, CERT, ENISA
• A relevant advanced degree would enhance the candidate’s credentials