Director, Incident Response

• Provide strategic direction and leads the global incident response function, ensuring coordination across all regions and business units.
• Develops, maintains and continually improves the organisation’s incident response plan, aligning it with standards and regulatory requirements (NIST, ISO & DORA)
• Oversees end to end incident lifecycle, detection, containment, eradication, recovery and post incident reviews, making critical decisions in high pressure scenarios.
• Acts as the main liaison to JOC Incident Management, TCC, Legal & Compliance teams and external stakeholders, providing concise updates and recommendations throughout major incidents.
• Manages the allocation of resources and escalation procedures globally to prioritise and address complex / muti region incidents.
• Directs and reviews post incident reporting, ensuring effective documentation and driving the learnings and continuous improvement.
• Champions regular CSOC exercises (e.g. tabletop) and ensures team readiness through training, mentorship and ongoing skill development.
• Evaluates new or emerging cyber threats, working with Threat Intelligence, Cyber Threat Intelligence, SOC and technology leads to adapt strategies and enhance detection and response capabilities.
• Ensure the proper handling of legal, regulatory and privacy requirements during all incident response activities, co-ordinating with legal counsel where required.

Key Skills
Advanced incident management, soc leadership, technical acumen (forensics, SIEM/SOAR), regulatory knowledge, decision making under pressure, communication skills (technical/nontechnical), coordinate and inspire global teams.

Purpose of the role

To monitor the performance of operational controls, implement and manage security controls and consider lessons learnt in order to protect the bank from potential cyber-attacks and respond to threats. 

Accountabilities

• Management of security monitoring systems, including intrusive prevention and detection systems, to alert, detect and block potential cyber security incidents, and provide a prompt response to restore normal operations with minimised system damage.
• Identification of emerging cyber security threats, attack techniques and technologies to detect/prevent incidents, and collaborate with networks and conferences to gain industry knowledge and expertise.
• Management and analysis of security information and event management systems to collect, correlate and analyse security logs, events and alerts/potential threats.
• Triage of data loss prevention alerts to identify and prevent sensitive data for being exfiltrated from the banks network.
• Management of cyber security incidents including remediation & driving to closure.

Director Expectations

• To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide..
• They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an individual contributor, they lead organisation wide projects and act as deep technical expert and thought leader, identifying new ways of working and collaborating cross functionally. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions..
• Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives.
• Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function.
• Escalates breaches of policies / procedure appropriately.
• Foster and guide compliance, ensure regulations are observed that relevant processes in place to facilitate adherence.
• Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate.
• Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives.
• Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives.
• Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex/ sensitive situations.
• Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area.
• Negotiate with and influence stakeholders at a senior level both internally and externally.
• Act as principal contact point for key clients and counterparts in other functions/ businesses divisions.
• Mandated as a spokesperson for the function and business division.

All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.