Security Operations Centre (SOC) Lead

Information Security Bengaluru, Karnataka


Description

Position at DNEG

DNEG’s Information Security (InfoSec) program needs to build an internal Security Operations (SecOps) function in order to successfully preserve the confidentiality, integrity and availability (CIA) of its own and its clients’ confidential data, PII, systems and services. An overview of the SecOps program is given below.

Mandatory Requirements and Expectations
The building block in actualizing the SecOps function will be to recruit a seasoned Security Operations Centre (SOC) Lead to assist with applying the following crucial requirements:

  • Assisting with operationalizing the company’s ISMS framework at scale through a robust, 24x7‑capable SOC function.
  • Experience with working with numerous security and audit frameworks and ensuring operational efficiency of delivering against these crucial compliance and governance requirements through SOC processes, metrics and evidence.
  • Assisting with architecting an optimal operational support model to monitor, detect, investigate and mitigate/minimize/manage key risk indicators and output derived from the company’s IT infrastructure, identity, cloud and data services.
  • Identifying, hiring, maturing and managing the SecOps team, including skills development, shift models and succession planning.
  • Applying critical incident response action and suitable escalation to contain and minimize verified compromise, including leading major incident handling and post‑incident reviews.

Duties and Operational Responsibilities

  • Manage daily/BAU security operations and act as the overall owner for SOC performance and service quality.
  • Mature and develop the SOC processes and be responsible for building and continuously improving the SOC function (people, process and technology).
  • Develop and maintain SOC operational processes and runbooks. Identify gaps and ensure that all necessary information and security telemetry is continuously being collected, correlated, aggregated and analyzed to detect potential cybersecurity risk to DNEG.
  • Develop and implement SecOps key performance indicators (KPIs) and key risk indicators (KRIs) to ensure that optimum service delivery is being met and demonstrated.
  • Work proactively and independently, and partner with other internal teams to further streamline and mature all SecOps processes and procedures, embedding SOC requirements into projects and change processes.
  • Responsible for BAU day-to-day management of the SOC, ensuring that daily operational activities run at optimum performance, with effective prioritization and workload management.
  • Act in a leadership capacity, and nurture and build effectiveness, partnerships and collaboration within the team and with peers and stakeholders across technology and the business.
  • Responsible for ensuring that all cybersecurity detection, response, and recovery processes and procedures are up-to-date, relevant and adhered to by the SOC and wider technology teams.
  • Responsible and accountable for managing all aspects related to cyber security incident management and response, including coordination with legal, privacy, client and senior leadership where appropriate.
  • Develop and provide reporting and operating metrics that demonstrate all facets of the SecOps function and its role within DNEG, including threat trends, incident summaries and improvement plans.


Job Requirements


Mandatory Job Requirements
A successful candidate will meet the majority of the requirements listed below and will be able to demonstrate suitable experience and competencies in each of the following:

  • 8-12 years of total experience successfully building, developing and operationalizing a SecOps/SOC function within a highly technical and complex operating environment.
  • In-depth experience and knowledge of all facets of cybersecurity operations, incident response (IR) management, processes and procedures and investigations.
  • Strong leadership and operational management skills and ability to demonstrate previous and/or current experience of building and maturing a SecOps/SOC function.

Excellent and demonstrable technical knowledge, application and experience with the following:

  • Network Security: Firewalls, IDS/IPS, VPN, Proxy Servers, Email and Web Content Filters.
  • Anti-Virus/Malware Mitigation (EPP/EDR): Signature and signatureless/behaviour-based solutions, investigation and containment.
  • Access Control Concepts and Application, including identity‑centric detection and response.
  • DLP Solutions and related data protection controls.
  • Operating Systems: MS Windows (Client and Server O/S); multiple Linux distributions; macOS.

Excellent and demonstrable technical knowledge, application and experience with the following:

  • Security data analytics and reporting, including SOC dashboards, KPIs and executive reporting.
  • SIEM, security data aggregation and correlation knowledge, including defining SIEM rules/use cases, tuning, and downstream monitoring, detection and threat hunting processes.
  • MITRE ATT&CK framework and its application to use‑case development, gap analysis and threat‑informed defence.
  • Knowledge and experience of working with the following Information Security frameworks:
    • ISO 27001:2013
    • PCI DSS
    • CIS
    • NIST
  • Excellent knowledge of identity management systems and processes and familiarity with both existing and emerging threats as they pertain to IdAM.
  • Excellent knowledge and experience of using vulnerability assurance management toolsets and services, including risk‑based prioritization and remediation tracking.
  • Excellent knowledge and experience of network and application penetration testing methodologies and practice, and how to consume and operationalize findings.
  • Enhance and mature existing applied InfoSec technologies that are utilized for the SecOps function (e.g., SIEM, EDR, DLP, SOAR, cloud security tooling).
  • Knowledge of privacy compliance and privacy frameworks and their applicability to a SecOps function would be desirable, e.g., GDPR.
  • Strong knowledge and demonstrable experience of Cloud Security (especially SaaS and PaaS), concepts and application, including integrating cloud telemetry into SOC workflows.
  • Demonstrate experience of being able to fulfil requirements and prioritize workstreams in a fast‑paced, global environment.
  • A strong team player who also works effectively in an independent capacity.
  • Highly motivated and bringing a forward‑thinking and highly collaborative approach to the SecOps function.

Education

    • A bachelor’s degree in IT or Computer Science.
    • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), CISM, IISP, or other equivalent security certification/accreditation is desirable.


About Us
We are DNEG, one of the world’s leading visual effects and animation companies for the creation of award-winning feature film, television, and multiplatform content. We employ more than 9,000 people with worldwide offices and studios across North America (Los Angeles, Montréal, Toronto, Vancouver), Europe (London), Asia (Bangalore, Mohali, Chennai, Mumbai) and Australia (Sydney).

At DNEG, we fundamentally believe that embracing our differences is a vital component of our collective success. We are committed to creating an equitable, diverse and inclusive work environment for our global teams, where everyone feels they matter and belong. We welcome and encourage applications from all, regardless of background, experience or disability. Please let us know if you need any adjustments or support during the application process, and we will do our best to accommodate your needs. We look forward to meeting you!