Senior Manager, Regional Subsidiary Security Operations

Nairobi, Nairobi, Kenya

Applications have closed

Job Purpose

The Senior Manager: Regional Subsidiary Security Operations is responsible for leading and managing the security operations of the assigned regional subsidiaries and delivering the defined security plans that will achieve the desired security posture for the subsidiaries. The SM SSO will be responsible for coordinating with the countries’ Information Security Managers and other security resources to drive the implementation of information security strategy, security controls and incident management in each country.

The bank is seeking someone with an established background leading security function(s) across African markets, with strong technical and business knowledge, experience handling a fast-paced operational cadence, and a results-driven mindset.

Job Responsibilities

Information Security Management

  • Participate in planning business objectives.
  • Coordinate the security risk program to set appropriate success metrics and consistently drive risk remediation across the region of responsibility.
  • Identify, define, gather, and report cybersecurity risk metrics that are important to business leaders in collaboration with technical employees and other key stakeholders.
  • Drive all risk program reporting for information security at all levels including executive levels.
  • Develop and implement the next-level down risk management processes (process-level, asset-level, etc.), including embedding risk assessments into existing country capabilities (architecture reviews, secure design, and system development).
  • Develop and implement an information security awareness program for the bank that meets all industry regulations, standards and compliance requirements.
  • Work with the GM Subsidiary Security Operations to continuously enhance Information Security at countries.

Information Security Operations 

  • Drive timeous remediation of audit findings and risks in the region.
  • Assess requests for deviation from security policies.
  • Assess vendors / partners against the bank’s 3rd party security policies and track closure of observations highlighted.
  • Drive the coverage and compliance of various security tooling across the region.
  • Monitor, review, and report on various security log sources to identify risks and issues.
  • Conduct and follow up on hardening, vulnerability scanning and penetration testing for the bank's region-wide IT infrastructure.
  • Partner with GIS colleagues and country resources to help drive a culture of security awareness and proactive risk identification and assessment.
  • Provide data for decision support.

People Leadership

  • Provide oversight and leadership to an information security team (including employees, contract personnel and/or vendor partners and their resources).
  • Drive innovation activity as an outcome.
  • Continuously identify resource capacity and skills and drive the recruitment and training of resources.
  • Manage the performance of the personnel.

Relationship Management

  • Partner with Enterprise Cyber Risk Management to ensure that information security risk processes are integrated with the ERM Program.
  • Establish trusted relationships with information security and IT in each country to anticipate their objectives and needs to better serve them.

Knowledge and Experience

  • Bachelor’s Degree/Diploma/Certificate in Information Technology, Information Security/Assurance, Engineering or a similar area of study
  • Relevant industry certifications (CISSP, CEH, CISA, CISM, etc.) will be advantageous.
  • Minimum 10 years of experience in a business or technology environment.
  • Project management experience will be advantageous.
  • In-depth understanding of information security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. will be advantageous.
  • Knowledge of industry-standard frameworks (ISO 27000, NIST, PCI DSS) will be advantageous.
  • Ability to effectively provide a briefing to the business stakeholders regarding ongoing security incidents and threat levels.

Key Critical Competencies 

  • Experience with regulatory compliance issues.
  • Excellent written and verbal communication ability.
  • Aptitude for effectively conveying complex information.
  • Ability to handle high-pressure situations with key stakeholders.
  • Good analytical skills, problem solving and interpersonal skills.
  • Ability to plan and manage complex, organization-wide programs.
  • Ability to prioritize and consistently meet deadlines.
  • Good research skills.
  • Ability to work late on critical tasks and incidents when required.

Role Complexity

  • Exceptional attention to detail and the capacity to combine information from several sources and condense it into language suitable for a range of audiences in at least 13 technology domains in at least 7 markets of Equity Group.

Budgets/ Financial Input 

  • Assist with the management of security budgets in line with business objectives and facilitate forecasting. This includes yearly CAPEX and OPEX plans and tracking spending throughout the year.
  • Manage initiatives budgets in line with business objectives.


Region: Africa
Country: Kenya