
Head of Security Operations

Empowering You – to break new ground!

 

As part of the global NTT DATA Group, one of the top 5 IT service providers worldwide, we specialize in value-added SAP solutions. At NTT DATA Business Solutions, our focus is SAP Consulting, SAP Development, Managed Cloud Services, and Application Management Services (AMS) & Technology. Across the globe, we support customers in their digital transformation from start to finish.

 

OUR RECIPE FOR SUCCESS: DIVERSITY, OPENNESS, RESPECT, AND TOGETHERNESS.

 

With more than 13,000 employees from 64 nations in over 29 countries, our diverse workforce reflects our values. People are and will always be vital to our mission, playing a decisive role in everything we do.

 

ARE YOU READY TO BREAK NEW GROUND?

 

Location: Malaysia

 

What makes us special:

 

Team-oriented corporate culture, collaboration as equals and steady knowledge transfer

 

Family-friendliness (e.g. Childcare Center, paternity and maternity leave)

 

Diversity & Inclusion (e.g., various initiatives & communities)

 

Flexible working hours – depends on team and department

 

Inhouse Academy with a variety of professional technical training, soft skills training, SAP Learning Hub, and certification opportunities

 

Company health benefits (e.g. Medical Insurance for family members, Health Insurance, Optical and Dental Benefits, parking)

 

 

 

 

Do you love challenges?

 

The Head of Security Operations is responsible for leading and managing the Security Operations Center at NTT DATA Business Solutions to ensure effective monitoring, detection, and response to cybersecurity threats and incidents. Additionally, the Head of Security Operations oversees the organization’s vulnerability management and penetration testing programs, ensuring the proactive identification and mitigation of security risks.

 

This role involves overseeing a team of security analysts, developing and maintaining SOC processes, and ensuring the organization’s security posture aligns with industry standards and best practices. Furthermore, this role requires strategic oversight, technical expertise, and leadership to align security operations with business goals.

 

With more than 16 employees based in the Cyberjaya office, Malaysia, the SOC Team operates 24/7 to monitor and respond to cybersecurity threats for more than 17,000 client endpoints (notebooks) and more than 14,000 servers (on premise and cloud) organized in 6 global data centers.

 

Key Responsibilities:

 

  1. Leadership and Team Management:

 

  • Supervise Teams: Lead SOC analysts, vulnerability management, and penetration testing teams, ensuring high performance, accountability, and professional growth.
  • Staff Development: Provide mentorship and training programs to upskill team members in SOC operations, vulnerability management, and penetration testing.
  • Team Collaboration: Foster collaboration within the security teams and with other IT and business units.
  • Shift Management: Ensure adequate staffing and shift rotations for 24/7 SOC operations.
  • People Topics: Manage discipline and motivate the team by fostering collaboration, trust, and open communication while addressing conflicts constructively. Promote work-life balance and adaptability to drive team satisfaction and productivity.

 

  2. SOC Operations Management:

 

  • Real-Time Monitoring: Oversee 24/7 monitoring of security events using tools like SIEM, XDR, and other detection technologies.
  • Incident Response: Manage the incident response lifecycle, ensuring timely detection, investigation, containment, and remediation of security incidents.
  • Threat Analysis: Continuously assess and improve SOC capabilities to address emerging threats and vulnerabilities.
  • SOC Playbooks: Develop, implement, and maintain comprehensive playbooks for effective incident response and threat handling.
  • Performance Metrics: Measure and improve SOC effectiveness using metrics such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).

 

  3. Incident Response Management:

 

  • Incident Commander: Serve as the Incident Response Commander and act as Level 3 during critical security incidents, leading the incident response lifecycle.
  • Coordination: Coordinate with internal teams, business team, Data Center stakeholders, and third-party vendors to resolve incidents effectively.
  • Response Planning: Develop, maintain, and test incident response plans to ensure preparedness for various attack scenarios.
  • Incident Handling: Oversee the detection, containment, eradication, and recovery phases of incident management.
  • Post-Incident Review: Lead post-incident reviews, ensuring root cause analysis and lessons learned are documented and integrated into security operations.
  • Communication: Provide timely updates to senior management and stakeholders during incidents, including clear and concise situational reports.

 

  4. Technology and Tools Management:

 

  • Tool Administration: Manage security tools and platforms, including XDR, SIEM, vulnerability scanners, penetration testing tools, and threat intelligence platforms.
  • Optimization: Ensure tools are optimally configured, updated, and integrated with other systems for efficient operation.
  • Evaluation: Continuously evaluate emerging technologies to enhance SOC capabilities.
  • Automation: Drive automation initiatives to streamline monitoring, detection, and response activities.

 

  5. Strategic Responsibilities, Compliance & Audit Support:

 

  • Risk Management: Proactively identify, evaluate, and mitigate risks through SOC operations, vulnerability assessments, and penetration testing.
  • Threat Intelligence Integration: Leverage threat intelligence to enhance proactive threat detection and prevention measures.
  • Policy Development: Contribute to the development and enforcement of cybersecurity policies and procedures.
  • Alignment with Business Goals: Ensure security operations align with organizational objectives and risk appetite.
  • Regulatory Alignment: Ensure SOC operations, vulnerability management, and penetration testing comply with relevant regulations and frameworks (e.g., ISO 27001, GDPR, NIST).
  • Audit Support: Provide documentation, evidence, and reports to support internal and external audits.
  • Governance: Maintain governance over security operations to ensure alignment with industry best practices.

 

  6. Vulnerability Management:
  • Vulnerability Scanning: Oversee the regular scanning of infrastructure, applications, and systems to identify security vulnerabilities.
  • Prioritization: Analyze and prioritize vulnerabilities based on severity, risk, and business impact.
  • Remediation Coordination: Collaborate with IT teams to remediate vulnerabilities within defined SLA timelines.
  • Policy Enforcement: Establish and enforce policies for continuous vulnerability assessment and management.
  • Reporting: Provide detailed reports on vulnerabilities, trends, and remediation progress to stakeholders.

 

  7. Communication and Reporting:
  • Stakeholder Updates: Regularly communicate SOC, vulnerability, and penetration testing performance to the Head of IT & DC Security and stakeholders.
  • Incident Briefings: Provide detailed post-incident reports, including root cause analysis and remediation steps.
  • Dashboards: Develop dashboards to present real-time SOC performance, incident status, and vulnerability results.

 

 

 

Convince us with your potential!
 

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Minimum of 6 years of experience in cybersecurity, with at least 3 years in a SOC leadership role.
  • Proven experience in building, managing, and optimizing a 24x7 SOC.
  • In-depth knowledge and experience with cybersecurity frameworks such as NIST CSF, MITRE ATT&CK, and ISO 27001.
  • Proven knowledge in vulnerability management and penetration testing.
  • Experienced people manager able to lead global teams, ensure the motivation and growth of team members, and foster collaboration.
  • A self-starter who thrives in building strategies and implementing solutions.
  • Strong understanding of vulnerability management tools (e.g., Tenable, Qualys, Rapid7).
  • Knowledge of CVSS (Common Vulnerability Scoring System) and how to apply it to risk assessments.
  • Familiarity with patch management processes and tools.
  • Hands-on experience with common attack vectors and methods for mitigating them.
  • Experience with SIEM, IDS/IPS, and endpoint security tools is a plus.
  • Relevant certifications (e.g., CISSP, CEH, OSCP) are highly desirable.
  • Strong analytical skills with the ability to manage and interpret large amounts of security data.
  • Excellent communication and collaboration skills, able to work across teams and present complex information to both technical and non-technical stakeholders.

 

Key Competencies:

 

  • Strong understanding of security tools and technologies, including SIEM platforms, EDR, XDR, IDS/IPS, firewalls, threat intelligence, and Attack Surface Management platforms.
  • Solid experience with network security, endpoint security, cloud security, and incident detection and response.
  • Hands-on experience developing and maintaining security monitoring, detection, and response strategies using Microsoft Sentinel.
  • Knowledge of threat intelligence platforms and integrating threat feeds into SOC operations.
  • Familiarity with automation tools for incident response and playbook creation.

 

 

 

Do you have questions?

 

We look forward to receiving your complete application documents stating your earliest start date.

 

Get empowered by NTT DATA Business Solutions!

 

Norshafina Zainuddin


Tel.:

E-Mail: sol-my-bu-hr-talentmgmt@bs.nttdata.com

We transform. SAP® solutions into Value

Cyberjaya, MY, 63000

Jan 15, 2025
