Manager, Cyber Fusion Centre

About FWD Group

FWD Group (1828.HK) is a pan-Asian life and health insurance business that serves approximately 34 million customers across 10 markets, including BRI Life in Indonesia. FWD's customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the main board of the Hong Kong Stock Exchange under the stock code 1828.

For more information, please visit

FWD Technology and Innovation Malaysia Sdn. Bhd., known as FWD TIM, was established in late 2019. Strategically located in Kuala Lumpur, FWD TIM serves as a pivotal shared service location within FWD Group, providing services to multiple markets across the Group. FWD TIM houses a diverse and talented workforce focused on essential business and technology services such as information security, cloud operations, IT solutions delivery, digital and data, actuarial, finance, investments, and customer service, among many others. FWD TIM is dedicated to drive and deliver operational excellence and efficiency, foster innovation and ensure regulatory compliance across all business functions as well as maintain a competitive edge in the market.

PURPOSE

• Lead the coordination, investigation, management, and resolution of a broad range of cyber-security incidents for FWD Group including all markets.
• Act as Level 3 Incident Response Manager (Individual Contributor) and perform timely and accurate highly critical and complex Cyber Incident Response cases across FWD Group, within the SLA, based on risks prioritisation and within established processes and SOPs.
• Proactively identify, propose and drive the transformation and enhancement projects through the management and collaboration with relevant internal teams and external solutions providers to continuously improve the Group Cyber Security Incident Response Management, Detection and Monitoring processes and SOPs, performed by internal teams and vendor, leveraging automation and technologies available.
• Build knowledge and coach Business Units IT Security leads, to understand their role in Cyber Incident Management.

KEY ACCOUNTABILITIES

• Oversee and guide service providers to ensure L1 incident response resolutions meet the expected SLA and to enhance their monitoring, triage investigation processes capabilities prior to escalation.
• Investigate incident response cases to identify root cause, and coordinate with multiple internal teams and external solutions providers to remediate and resolve issues on a timely manner and effectively.
• Leverage detection and response solutions in place, to further assess and proactively address any escalated potential incidents
• Identify and drive continuous improvement of FWD Cyber Incident detection, contextualization and response processes and tools, leveraging automation and orchestration where possible
• Manage and coordinate potential incidents escalations, for investigation, along with any required internal or external stakeholders
• Lead and manage the communication and coordination of Cyber Security Incident response actions with Business Units and ensure smooth and proper closure of the Incident Response cases
• Analyse the findings of Threat Intelligence and work with relevant internal teams and Business Units to coordinate and/or execute actions to ensure FWD Group prevention, detection and response capabilities setup is maximized against those new threats.
• Perform in-depth analysis of malware or other potential malicious processes or software identified in the organization
• Coordinate and manage Cyber Security testing activities, and provide advice on remediation
• Develop, document and maintain SOPs and knowledge base for cyber security services relating to incident response, intelligence analysis, evidence acquisition, forensics recovery, and others
• Continuous knowledge improvement in tools and best practices in Cyber Security threat monitoring and incident response, including contextualization and automation
• Evaluate new emerging Cyber Security technologies and make recommendations for adoption within FWD Group

KEY PERFORMANCE INDICATORS

• Timely and accurate coordination and management of all incident response cases within SLA
• Successful implementation of transformation and improvement initiatives to enhance Incident Response Management and Monitoring capabilities, with the support of Group IT Security Engineering teams
• Evolve Cyber Incident Monitoring, Contextualization and Response processes and SOPs, leveraging automation and technologies available
• Doing things right, creating synergies for the overall FWD goals and objectives, along with a people first approach

EXTERNAL & INTERNAL CONTACTS

• Group CISO
• Group Head of IT Security Monitoring and Incident Response
• Group IT and IT Security Teams
• Business Units IT and IT Security Teams
• IT Vendors and/or Service Providers

QUALIFICATIONS / EXPERIENCE

• Minimum 7 years working experience in Cyber Security Incident Management
• Degree from Information Technology or equivalent discipline
• Desirable Certifications on: ECCouncil Computer Hacking Forensics Investigator (CHFI), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering
• Malware (GREM), GIAC Certified Forensic Analyst (GCFA)
• Regional experience in this role is preferred

KNOWLEDGE & TECHNICAL SKILLS

• Excellent knowledge of Advanced Persistent Threats, attack tools, techniques, and methods used by adversaries
• Excellent knowledge of penetration testing services and techniques.
• Excellent written and verbal communication skills and ability to perform working under pressure (IT Security Incidents)
• Excellent management and coordination skills with solid influencing skills to drive remediation, resolution and changes in a regional and multicultural environment
• Ability to define, prioritize and execute process in a structured manner
• Experience in an operational capacity as part of IT Security incident response function
• Experience with networking and TCP/IP traffic, along with firewall, SIEM, IPS, EPP, EDR, APT, DLP, proxy, antivirus, anti-spam and spyware solutions.
• Experience conducting log and activity review, along with stream or packet capture, in support of intrusion analysis.
• Desirable: Certification in Crowdstrike or Carbonblack EDR solutions.
• Desirable: Experience on Microsoft Sentinel, Splunk SIEM solutions
• Desirable: Experience with a programming/scripting language