Manager Information Cyber Security

Company Description

Standard Bank Group is a leading Africa-focused financial services group, and an innovative player on the global stage, that offers a variety of career-enhancing opportunities – plus the chance to work alongside some of the sector’s most talented, motivated professionals. Our clients range from individuals, to businesses of all sizes, high net worth families and large multinational corporates and institutions. We’re passionate about creating growth in Africa. Bringing true, meaningful value to our clients and the communities we serve and creating a real sense of purpose for you.

Job Description

Technology & Architecture

•   Engage, consult and influence the business and appropriate IT executives on the selection of appropriate cyber security controls to combat cyber security threats.

•   Adhere to and implement the relevant Information Security technology standards developed by the wider IT Function.

•   Design, engineer, plan, implement, and support Cyber Security solutions by working with projects and business areas from initial design through build and test, as required.

•   Communicate incident resolution processes to seniors during the event, sharing appropriate information.

•   Foster cross-functional collaboration between cyber security teams, ensuring goals and processes are aligned and priorities match, engaging various teams to further progress, as appropriate.

•   Maintain and review service levels as agreed with service consumers to ensure optimum service delivery.

•   Build and maintain informal networks to retrieve and share information relating to cyber security incidents experienced by the corporate institutions in the South African market, attending networking events as requirement.

•   Identify, in collaboration with team, threats, vulnerabilities and related incidents; develop appropriate process and control improvements (both pro-active and reactive).

•   Guide and analyze, in collaboration with team, possible attack techniques and methods to identify and assess control weaknesses and vulnerabilities related to cyber security, support the process of reporting on findings and communicate high level recommendations to mitigate identified risks.

•   Guide and review the development of detailed detection, controls, process improvements related to cyber security designs by subordinates, participate in practical design processes as required.

•   Provide input into the planning and forecasting of Cyber Security specific projects/

requirements.

•   Scope, plan and implement projects for quarter, allocate work according to team capability, supporting design and implementation processes as needed.

•   Engage team and other appropriate stakeholders in problem solving and solution engineering, to optimize problem identification and mitigation.

•   Develop, lead and mature the implementation of a threat hunting program within the security operations Centre.

•   Guide, support and lead threat hypothesis, information assimilation and the designing, scoping and executing of threat hunts, participating as required and reviewing the remediation processes.

•   Monitor and guide threat hunts, the review of detection rules, to ensure efficacy and improvement of processes.

•   Plan and coordinate incident response team schedule and work allocation in response to high risk incidents, upon initial identification of incident or breach, supporting the response team as appropriate, request remediation activities as found appropriate.

•   Collaborate with the requisite IT resources and ensure that recovery efforts receive appropriate focus and priority post a cyber security incident by engaging with the relevant functions in Group IT.

•   Identify process and/ or control weaknesses and incorporate learnings into future threat responses with the use of post incident analysis .

•   Analyze threats and research trends in attacks and tactics, in relation to the markets and threat landscape and in collaboration with reporting team, present findings to seniors for decision making and implementation.

•   Guide and support team through the development of threat models or attack paths, reviewing new legislation and industry best practices, suggesting offensive and defensive approaches to be developed for the Bank.

•   Plan, design and guide team through the execution of offensive security and planned threat assessments to identify vulnerable spots within the Banks environment, coordinating appropriate resolution processes within greater information security.

•   Review existing cyber security technologies within discipline, optimising use and processes to aid in threat detection and response, identifying risk mitigation and cost minimizing processes, for consideration and implementation by senior management.

•   Scope and implement the design and review of prevention, control measures, strategies and long term planning, continually incorporating learnings from incident analysis.

•   Identify metrics to monitor implementation for each intervention, support the application of metrics during and after implementation, if required.

•   Provide feedback about Cyber security incidents (with emphasis on root cause and lessons learnt) to the superior, for information sharing and presentation purposes.

•   Report on all Cyber risks (including mitigation efforts), for risk and audit purposes.

•   Represent Standard Bank at intelligence or industry meetings and forums, gather information pertinent to the Standard Bank landscape and include in analysis and recommendations going forward.

•   Collaboratively update cyber security catalogue with interventions that align to strategy as well as in response to identified threats, promote awareness of these service offerings to ensure timely engagement by senior technical and business managers.

•   Coordinate a review of organizational readiness, guiding and participating where necessary, for incident response and quick decision making.

•   Provide input to, and participate in the design and execution of regular awareness initiatives (road shows and digital communications) focusing on relevant cyber security threats, industry trends, specific strategies, tools and technologies to relevant stakeholders.

Strategy

•   Implement the Information and Cyber Security strategy by operationalizing strategic imperatives and planning for their execution.

•   Investigate identified new emerging technologies and investment opportunities so that they may be applied in Cyber Security.

•   Monitor and maintain adherence to the Information and Cyber Security strategy so that a consistent imperative is realized.

•   Stay abreast of the internal and external threat landscape and identify appropriate Cyber Security risk mitigation strategies.

•   Contribute to the development and implementation of internal controls, policies and guidelines for the function.

•   Check that policies are in line with the functional objectives and relevant statutory

requirements.

•   Develop, implement and maintain effective and efficient procedures and processes for effective functioning of the business area.

•   Provide insight into the Information Security strategy and add value to decision-making processes alongside other managers.

•   Act as a trusted adviser for technology across the Group and stakeholders.

Financial Management

•   Contribute to budget requirements and requests for the business area in order to meet the operational targets identified during operational and strategic planning.

•   Continue to assess cost and benefit of controls and identify products or processes where cost exceeds the benefit.

•   Adhere to, and recommend enhancements to Group minimum standards for vendor selection and select the most appropriate vendor with required expertise.

People

•   Coach and mentor team members, enhancing their knowledge and skills, as the need is identified. Build and develop relationships with various internal stakeholders with the intention of breaking down silos to maximize business growth.

•   Manage the performance management process of team members, including goal setting, personal development planning, continuous performance monitoring, coaching conversations and formal evaluation and appraisal of annual performance contracts.

•   Manage the performance of direct and indirect reports in accordance with the performance management policy and procedure.

•   Identify training and development needs, implementing plans to address requirements, as appropriate. Guide, support and enable subordinates to engage in cross functional developments, requesting collaboration from other managers and their teams, as required.

•   Create workforce and headcount plans, request for headcount, role and reporting line changes, ensuring that the requests are aligned to capacity requirements for objective attainment, and implement when approved.

Qualifications

First Degree in Information Technology

Experience 

Information Security - 3-4years Proven experience in risk management or information security, databases, operating systems, and network

Engineering (includes Cloud and Resilience) - 3-4years Proven experience in software and integration development

Technology Practice (Domain) Management and Leadership - 3-4years People management and leadership experience

 

Additional Information

Behavioural Competencies

Making Decisions

Providing Insights

Taking Action

Directing People

Technical Competencies

Service Management Processes

Technical Analysis

Data Analysis

IT Strategy & Planning