Manager, Information Security, Cyber

Company Description

Standard Bank Group is a leading Africa-focused financial services group, and an innovative player on the global stage, that offers a variety of career-enhancing opportunities – plus the chance to work alongside some of the sector’s most talented, motivated professionals. Our clients range from individuals, to businesses of all sizes, high net worth families and large multinational corporates and institutions. We’re passionate about creating growth in Africa. Bringing true, meaningful value to our clients and the communities we serve and creating a real sense of purpose for you.

Job Description

To provide expert professional knowledge and technical skills within a specialist area. To support the bank's Information Security initiatives, the associated decision making, planning and implementation to monitor and protect sensitive data and systems from infiltration or misuse..

Qualifications

Minimum Qualifications
Type of Qualification: First Degree
Field of Study: Information Technology

Experience Required
Cyber Security
Technology
3-4 years
People management and leadership experience

3-4 years
Proven experience in risk management or information security, databases, operating systems, and network security controls

3-4 years
Proven experience in software and integration development

Additional Information

Engage team and other appropriate stakeholders in problem solving and solution engineering, to optimise problem identification and mitigation.

Engage, consult and influence the business and appropriate IT executives on the selection of appropriate cyber security controls to combat cyber security threats.

Foster cross-functional collaboration between cyber security teams, ensuring goals and processes are aligned and priorities match, engaging various teams to further progress, as appropriate.

Guide and analyse, in collaboration with team, possible attack techniques and methods to identify and assess control weaknesses and vulnerabilities related to cyber security, support the process of reporting on findings and communicate high level recommendations to mitigate identified risks.

Guide and review the development of detailed detection, controls, process improvements related to cyber security designs by subordinates, participate in practical design processes as required.

Guide and support team through the development of threat models or attack paths, reviewing new legislation and industry best practices, suggesting offensive and defensive approaches to be developed for the Bank.

Guide, support and lead threat hypothesis, information assimilation and the designing, scoping and executing of threat hunts, participating as required and reviewing the remediation processes.

Identify metrics to monitor implementation for each intervention, support the application of metrics during and after implementation, if required.

Identify process and/ or control weaknesses and incorporate learnings into future threat responses with the use of post incident analysis .

Identify training and development needs, implementing plans to address requirements, as appropriate. Guide, support and enable subordinates to engage in cross functional developments, requesting collaboration from other managers and their teams, as required.

Identify, in collaboration with team, threats, vulnerabilities and related incidents; develop appropriate process and control improvements (both pro-active and reactive).

Implement the Information and Cyber Security strategy by operationalising strategic imperatives and planning for their execution.

Investigate identified new emerging technologies and investment opportunities so that they may be applied in Cyber Security.

Maintain and review service levels as agreed with service consumers to ensure optimum service delivery.

Manage the performance management process of team members, including goal setting, personal development planning, continuous performance monitoring, coaching conversations and formal evaluation and appraisal of annual performance contracts.

Manage the performance of direct and indirect reports in accordance with the performance management policy and procedure.

Monitor and guide threat hunts, the review of detection rules, to ensure efficacy and improvement of processes.

Monitor and maintain adherence to the Information and Cyber Security strategy so that a consistent imperative is realised.

Plan and coordinate incident response team schedule and work allocation in response to high risk incidents, upon initial identification of incident or breach, supporting the response team as appropriate, request remediation activities as found appropriate.

Plan, design and guide team through the execution of offensive security and planned threat assessments to identify vulnerable spots within the Banks environment, coordinating appropriate resolution processes within greater information security.

Provide feedback about Cyber security incidents (with emphasis on root cause and lessons learnt) to the superior, for information sharing and presentation purposes.

Provide input into the planning and forecasting of Cyber Security specific projects/ requirements.

Provide input to, and participate in the design and execution of regular awareness initiatives (road shows and digital communications) focusing on relevant cyber security threats, industry trends, specific strategies, tools and technologies to relevant stakeholders.

Provide insight into the Information Security strategy and add value to decision-making processes alongside other managers.

Report on all Cyber risks (including mitigation efforts), for risk and audit purposes.

Represent Standard Bank at intelligence or industry meetings and forums, gather information pertinent to the Standard Bank landscape and include in analysis and recommendations going forward.

Review existing cyber security technologies within discipline, optimising use and processes to aid in threat detection and response, identifying risk mitigation and cost minimising processes, for consideration and implementation by senior management.

Scope and implement the design and review of prevention, control measures, strategies and long term planning, continually incorporating learnings from incident analysis.

Scope, plan and implement projects for quarter, allocate work according to team capability, supporting design and implementation processes as needed.

Stay abreast of the internal and external threat landscape and identify appropriate Cyber Security risk mitigation strategies.