Incident Response Analyst

Role & responsibilities

The Cybersecurity Incident Management and Response Team is responsible for effectively and efficiently managing all information and cybersecurity incidents across the Group on a 24x7 basis. This function is structured into two primary missions:

• Incident Management: Coordinating and orchestrating the global technical response to cybersecurity incidents, and ensuring timely, effective communication to Global Business and Functional stakeholders, Senior Executive Leadership, and relevant regulatory bodies.
• Incident Response: Conducting technical and forensic investigations arising from threat intelligence, security testing, and user-reported incidents. The goal is to effectively contain, mitigate, and remediate both active and potential attacks.

Key Responsibilities:

• Lead and perform technical and forensic investigations into global cybersecurity events, ensuring timely threat identification and mitigation.
• Conduct post-incident reviews to assess the effectiveness of controls and response capabilities; drive improvements where necessary.
• Deliver forensic services including evidence collection, processing, preservation, analysis, and presentation.
• Stay updated on emerging technology trends and cybersecurity best practices to provide guidance to business and IT functions.
• Collaborate with Global Cybersecurity Operations (GCO) and business teams to develop and maintain effective incident response playbooks.
• Contribute to the creation and enhancement of detection mechanisms (use cases) and security automation workflows.
• Define and refine detailed processes and procedures for managing cybersecurity events.
• Enhance technical capabilities of security platforms and incident response tools.
• Support the development of the teams capabilities, including training and mentoring junior team members.
• Promote a culture of transparency and continuous improvement by identifying and addressing weaknesses in people, processes, and technology.
• Drive self-improvement and maintain subject matter expertise in cybersecurity.
• Engage with global stakeholders to improve cybersecurity awareness and communicate the impact of cybersecurity initiatives.
• Generate and present management information and incident reports tailored for various audiences, supported by data and expert analysis.

Required Skills & Competencies:

• Strong understanding of cybersecurity incident management and investigation techniques.
• Hands-on experience with IDS/IPS systems, TCP/IP protocols, and common attack vectors.
• Ability to independently analyze complex problems and determine root causes.
• Effective communication skills with the ability to convey technical issues clearly to both technical and non-technical audiences.
• Sound decision-making abilities under pressure, with a focus on risk mitigation and operational resilience.
• Strong collaboration and stakeholder engagement skills across diverse teams.
• High level of integrity, urgency, and personal accountability.
• Demonstrated ethical conduct and commitment to organizational values.
• Knowledge of cybersecurity principles, global financial services, compliance requirements, and regulatory standards.
• Familiarity with industry frameworks and standards such as OWASP, ISO 27001/27002, PCI DSS, GLBA, FFIEC, CIS, and NIST.
• Experience in responding to advanced threats, including offensive security knowledge or experience with deception technologies (honeypots, tripwires, honey tokens, etc.).

Preferred Technical Skills:

• Cybersecurity Incident Management
• Intrusion Detection/Prevention Systems (IDS/IPS)
• TCP/IP Protocols and Network Analysis
• Forensics Tools and Techniques
• Security Automation & Orchestration Platforms
• Threat Intelligence Integration
• SIEM Tools (e.g., Splunk, QRadar, etc.)

Skills

Incident response,Forensic