Manager, Cyber Resilience Testing

Req ID: 7531
- Job Description:

- **Duties and Responsibilities**
- As the Manager, Cyber Resilience Testing (CRT) Operations, you will be responsible for leading the strategic planning, execution, and continuous improvement of advanced cyber resilience testing, real-time attack simulations, and threat emulation exercises across the organization. You will set the vision and direction for the Red Team, ensuring that all activities are aligned with organizational objectives and regulatory requirements. Your role includes overseeing the development of testing methodologies, managing team performance, and ensuring that red team operations deliver actionable insights to strengthen the bank’s cyber defense posture. In addition, you will provide leadership and mentorship to the CRT team, fostering a culture of innovation, collaboration, and professional growth. You will collaborate closely with internal stakeholders, including blue teams and business units, to ensure effective knowledge transfer and incident response readiness.

**Key Performance Areas**
- Red Team Program Leadership
- Lead, mentor, and develop the Red Team, ensuring high performance and continuous skills development.
- Oversee the planning and execution of red teaming engagements, including adversary emulation and attack simulations.
- Develop and refine methodologies for threat modeling, attack surface analysis, and vulnerability assessments.
- Ensure timely and high-quality reporting to senior management, including executive summaries, risk assessments, and remediation recommendations.
- Drive continuous improvement of red teaming strategies based on emerging threats, attack techniques, and industry trends.
- Ensure compliance with Bank Negara Malaysia (BNM) RMiT, TIBER-MY, and other relevant regulatory and security frameworks.
- Cyber Security Program Oversight
- Oversee and support information/cyber security programs such as compromised assessment, threat hunting, and cyber drill exercises.
- Champion organization-wide information security education and awareness campaigns.
- Provide expert guidance and training to stakeholders on cyber threats and defensive strategies.
- Track and report on the effectiveness of cybersecurity programs and initiatives.
- Act as the primary point of contact for internal and external stakeholders regarding red team operations.

**Qualification** - Degree in Information Technology or any related fields.

**Years of Experience**
- Minimum 8+ years of experience in offensive security, penetration testing, or red teaming, with at least 4+ years in a leadership role
- 3 years job experience in Financial and Banking sector

**Specific Skills/Knowledge and Certification Required**
- Proven experience in leading red team or offensive security teams.
- Deep expertise in ethical hacking, adversary simulation, and advanced penetration testing.
- Strong knowledge of banking systems, integration, and regulatory requirements.
- Proficiency with tools such as Cobalt Strike, Metasploit, Empire, Mimikatz, Burp Suite, BloodHound, and custom scripts.
- In-depth understanding of network, cloud, web, and mobile security.
- Familiarity with threat hunting, purple teaming, and advanced attack methodologies.
- Strong knowledge of MITRE ATT&CK, TTPs, and modern attack frameworks.
- Industry certifications such as OSCP, OSCE, OSEP, CRTO, CISSP, GIAC (GCPN, GXPN, GCIH), or equivalent are highly preferred.
- Excellent analytical, problem-solving, communication, and leadership skills.
- Ability to communicate technical findings to both technical and non-technical stakeholders.