Join TIH, home to some of South Africa’s leading financial service providers, and grow your career while being part of an organisation with purpose.
Job Purpose
The Senior Manager: Cyber Security Operations and Engineering role forms part of the TIH Cyber Security and IT Governance Team, and will be responsible for providing direction, planning, overseeing execution, analysing and measuring, and reporting on dedicated cyber security operations and engineering functions. This includes ensuring that these functions operate at the right level of maturity, are effectively optimised, compliant and adequately support TIH's Cyber Security outcomes; produce relevant measurements and metrics to support TIH’s cyber security decisions; and that these functions continue to mature and adequately adapt to the changing threat and regulatory landscapes.
Responsibilities
Information Security
Identify information and related assets, plus potential threats, vulnerabilities and impacts and evaluate the risks. Decide how to address or treat the risks i.e. to avoid, mitigate, share or accept them.
Collect business requirements using a variety of methods such as interviews, document analysis, workshops, and workflow analysis to express the requirements in terms of target user roles and goals.
Ensure alignment and compliance to TIH's IT governance framework, policies and standards.
Stakeholder Engagement
Develop stakeholder engagement through identifying stakeholders, finding out their needs/issues/concerns and reacting to these to support the communication of business information and decisions.
Identify the requirement for and participate in the selection of external consultants or advisors to deliver key projects and/or ad hoc services; ensure business objectives and requirements are clearly understood and monitor outcomes, taking appropriate remedial action where necessary.
Liaise and align strategies with Corporate Risk, Legal and Compliance.
Liaise with external agencies to ensure the company maintains a strong security posture.
Coordinate the use of external resources involved in the information security program, including (but not limited to) interviewing, managing external resources, negotiating contracts and fees.
Leadership and Direction
Identify and communicate the actions needed to implement the function's strategy and business plan within the business area or department; explain the relationship to the broader organisation's mission, vision and values; motivate people to commit to these and to doing extraordinary things to achieve local business goals.
Policies and Procedures Development
Lead the development of standards, procedures, and related guidelines for a significant area of responsibility, ensuring compliance with external requirements and integration with the broader corporate policy framework.
Monitor and review processes to ensure risk/security and compliance arrangements are in place.
Risk Management & Analysis
Develop and/or deliver a contingency plan for significant aspects of the risk management and/or control process.
Facilitate the information security risk assessment process in conjunction with the IT Governance Risk and Compliance team, including the reporting and oversight of treatment efforts to address negative findings.
Insights and Reporting
Contribute to the design and creation of reporting strategies and templates. Lead execution of complex reports, identifying and interpreting complex patterns and trends, and translating those insights into actionable recommendations.
Identify and implement regular reporting mechanisms to provide visibility to enterprise risk teams and senior business leaders as part of the enterprise Cyber Security program.
Improvement / Innovation
Identify shortcomings in existing business practices, then suggest and implement improvements while developing and delivering projects or a work stream within the organisation's change management program. Involves working with guidance from senior colleagues.
Operational Compliance
Ensure that business activities within the area of responsibility comply with relevant external regulatory and/or voluntary codes and with internal policies and procedures to minimise business risk and to protect the reputation of the organisation.
Oversee the approval, training, and dissemination of security policies and practices within the Cyber Security Operations and Engineering functions.
Organisational Capability Building
Use the organisation's formal development framework to identify the team's individual development needs. Plan and implement actions to build their capabilities. Provide training or coaching to others throughout the organisation in own area of expertise to enable others to improve performance and fulfill personal potential.
Create and manage Cyber Security awareness training programs for all approved system users.
Budgeting
Develop and/or deliver budget plans with guidance from senior colleagues.
Develop, manage and report on information security budgets.
Personal Capability Building
Act as subject matter expert in an area of technology, policy, regulation, or operational management for the team and beyond in the function. Maintain external accreditations and in-depth understanding of current and emerging technologies, external regulation, and industry best practices through continuing professional development, attending conferences, and reading specialist media.
Operations Management
Support the overall organisational strategy by developing and delivering operational plans and outcomes for a large portion of the business. Lead, oversee and manage the cybersecurity operations and engineering functions at group level for all appropriate TIH entities and subsidiaries. Provide input, participate and collaborate on cyber security related projects, specifically within the technology domain, towards ensuring appropriate operations representation and to allow for more seamless operationalisation and handover. Assist in establishing and generating mature cyber security operations and engineering metrics and indicators. Report on key metrics and indicators to management, the executive and relevant oversight forums. Implement improvements and continuously mature cyber security operations functions.
Analysis of "As Is" and "To Be"
Document complex "as is" and "to be" processes and describe the changes required to migrate to the "to be" capability to record accurately the change required.
Education
Grade 12 / SAQA Accredited Equivalent (Essential)
Relevant industry certifications, such as Security+, CEH, MSCE, MCSA or equivalent (Essential)
University degree in an information technology or related domain (Advantageous)
Relevant Industry certification; OSCP or alternative in offensive or defensive security certifications (Advantageous)
Relevant system / IT engineering certifications in on prem or cloud environments (Advantageous)
Experience
8 or more years' experience in Information Security (Essential)
2 or more years' experience in security operations (Essential)
Experience in cyber security engineering and administration (Advantageous)
3 - 6 years' management experience (Essential)