L3 Incident Response Manager Job in ABB

Job Summary


If you are looking for big, global challenges, IS is the place to come. ABB's portfolio includes some of the most advanced power and productivity products and systems in the world. To help us work more efficiently, you need to understand the power and potential of information technology. If you have the energy, discipline, and intellectual firepower to succeed, you will find almost limitless opportunities to stretch your thinking, expand your horizons and build your skills as you work with talented people all over the world.

The role reports to the Group Security Coordinator. As a Level 3 Incident Response Manager, you will lead and support the handling of major security incidents within the respective time zones, handle and monitor the handling of minor security incidents, and support service providers in this context on an as-needed basis. The role will support the follow-the-sun principle of incident handling within ABB. The IS Capabilities Level 3 Incident Response Specialist will support the Security Incident Service Manager in the delivery of the Security Incident Service to the business stakeholders.

Your responsibilities

  • Understands and implements the Security Incident Process and Policies within the respective time zone.
  • Handles Security Incidents assigned by the Security Incident Service Manager.
  • Ensures that incidents are handled according to agreed procedures.
  • Investigates escalated incidents and seeks resolution.
  • Facilitates recovery, following resolution of incidents.
  • Ensures that resolved incidents are properly documented and closed.
  • Analyses the cause of incidents, informs service owners to minimize the probability of recurrence, and contributes to service improvement.
  • Works closely with Security Incident Service Manager to identify areas of improvement for the security incident process and policies.
  • Works with countries, businesses, and regions to identify key resources that can assist in the security incident process and incident handling.
  • Defines standard methods and processes for incident resolution, delegates them to the back office, and oversees the work of the back office.
  • Manages external parties supporting incident response.
  • Supports the information security resources within the time zone with the information security operations.
  • On assignment, is involved in the installation, management, maintenance, and optimization of IS security solutions/services.
  • Proactively supports the installation, management, maintenance, and optimization of internal and cross-functional processes related to IS security Services.
  • Executes, for assigned tasks, all actions in IS processes according to agreed RACI specification.
  • Consults and advises to ensure others comply with ABB IS Enterprise Architecture.
  • Provides leadership to temporary work teams, guiding and monitoring task completion, sharing expert knowledge and advice normally without carrying line responsibility.
  • On assignment and request, identifies, proposes, advises on, and implements existing IS technology and IS solutions/services, sharing knowledge.
  • Keeps knowledge up to date regarding news and emerging IS technology and IS industry practices, bringing learning into ABB, all within the scope of the relevant IS solutions.

Your background

  • Graduate with IT focus or equivalent practical experience.
  • Security Certification (CISSP, CISM, GSEC, or others) is desirable.
  • At least 4 years of experience in IT/IS or at least 2 years of experience in Security Incident handling, management, and coordination of Incident teams.
  • Experience in Operational Technology/Industrial Control Systems is an advantage.
  • Skills in change management, a proven track record in good communications and personnel management.
  • Good English language skills (spoken and written).
  • Ability to work under high pressure/stress-resistant.
  • Broad IS Technology knowledge.
  • Knowledge of current threat & attack vectors.
  • Experience in Antivirus Technology and AV Tools, EDR Technology and EDR Tools, and log analysis of firewalls, proxy servers, operating systems, and databases, preferably via a SIEM.
  • In-depth knowledge of servers, clients, mobile devices, appliances, OSs, common applications, databases, and middleware.
  • Cultural awareness and the ability to work in a complex, multicultural and global team.
  • Willingness to be available beyond traditional work hours.

Experience Required:

Fresher

Vacancy:

2 - 4 Hires
