Cyber Security Manager
|Job Title:||Cyber Security Manager|
|Job Published:||June 06, 2017 07:24|
In addition to a strategy that will take the group to a significant place in the South African economy the team are also developing technologies, propositions and solutions that can be leveraged throughout the CBA emerging markets business. The South African business comprises an IT development capability in addition to the company focused on building new and exciting banking propositions.
This role reports to the CIO with a matrix reporting line to the General Manager Cyber Security, APAC & Africa. The position will be actively involved in remediation activities for a large cyber security program and secure delivery of banking over the coming 12 months. The role will also be directly responsible for enabling the implementation of security controls commensurate with the risk appetite of the business. This role also engages directly with country risk teams, regional Cyber security and technology risk, country Heads of Technology, and other key business stakeholders.
The Manager: Cyber Security is a key position tasked with embedding mandatory security and risk controls into the South Africa businesses. Managing all design and delivery aspects of cyber security, this role will leverage the regional team located in Hong Kong, the Group teams to enable the business strategy, the South Africa technology risk team, and be country lead and subject matter expert for the delivery of security controls for the South Africa business. Whilst working with the regional team, this role is responsible for the successful coordination and outcomes of security control delivery, mitigation of technology and cyber risks, and cyber security threat management for all operations in South Africa. The role will need to help deliver and uplift the new digital bank, establish operational processes, plan and coordinate all security activities, understand technical and people challenges across South Africa, and lead the cyber security capability. This is a key role for the Digital Protection Group (DPG) International team, and success will be the delivery of secure banking services in the country.
Support the management of security & technology risks within the Bank
Work with the in country and regional Technology Risk teams
Provide input to planning and delivery of non-negotiable security controls to all business units and their impact in the run of the bank processes Provide leadership and strategic direction for Cyber Security capability, ranging from planning and development, and the collaboration with all stakeholders in DPG
Responsible for embedding security control delivery into the agile SDLC methodology
Determine and develop process for collecting meaningful metrics and reporting to align with regulatory requirements and governance frameworks across the region
Working with the Technology Risk teams in South Africa and APAC to develop a common and consistent measurement of threat and risk
Work to treat control gaps and remedial actions related to cyber security incidents ensuring the adoption or development of relevant security services
Representative for local security governance structures and processes
Stay current with incident response, digital forensics methodology, the associated legal requirements and threats applicable to South Africa, and participate in the development of these security capabilities across APAC
Identify security controls required for new digital banking platforms, including blockchain technology, digital banking, and associated SARB regulatory requirements
Inspire, mentor and motivate country Technology staff to attain goals and pursue excellence in security capability
Plan for and support the establishment of new security services in-line with changing threat profiles and organisational context
Internal support functions including HR, Risk and Finance People Capabilities
Our people capabilities are reflective of our culture and, regardless of level, are capabilities we expect to see demonstrated by all employees.
Creating value in each customer interaction and focusing on the total customer experience,
Communicating clearly and with impact to ensure understanding, engagement and commitment to action.
Team and Culture:
Inspires others to demonstrate the Group’s values and works together to create a passionate, high performing culture.
Initiating action and committing to achieving business outcomes by taking accountability for goals.
Understanding and using knowledge, industry information and financial drivers in decisions and actions.
Continuously improving and innovating what we do to make things simple and easy for our customer and each other.
Your experience is ideally supported by the following:
Strong technical knowledge of systems, networks, and security controls
Outstanding communication skills both written and oral
Outstanding influencing skills and organisational skills
Ability to drive and manage own workload and operate within defined deadlines
Seasoned understanding of Technology risk management principles and knowledge of Operational Risk and Compliance frameworks
Inquisitive approach/ attention to detail
Strong analytical and problem solving skills to develop acceptable solutions for the business
Tertiary qualification in a relevant discipline will be preferred
• CISSP and/or CISA qualification desired
5+ years’ experience in senior security roles
Significant technical knowledge of platform and network infrastructure, cyber security, and technology risk
Experience in large transformational change
Demonstrated experience in working in large Banking & Finance projects
Experience in core banking, mobile and digital banking transformation
Practical experience in managing stakeholders to effect change, including strong influencing skills
Hands on experience with deploying security controls
Understanding of Agile development methodology
Detailed understanding of SARB regulatory requirements in South Africa Personal competencies
Able to work within a fluid environment, reacting to events and juggling multiple work streams and priorities;
Able to work as part of a team while proactively and independently delivering;
Able to work to deadlines;
Can deal with ambiguity/change;
Can function under pressure and maintain a positive attitude;
You have a can do attitude and a strong work ethic to prove it;
Have good problem solving skills (analysis of options and impact assessment)
Good initiative, high energy level, self-starter and self-management ability (requires moderate supervision levels only)
Must be a team player and work for the good of the team
Able to interact with end users and up to middle management level of a business
Inter personal communications skills and presentation skills
Lateral thinking (willing to change and accept new ideas / concepts)
Analytical thinking & decision making ability in a complex environment
Good problem solving skills (analysis of options and impact assessment)
Flexibility and adaptability (Flexibility and innovation in approach)
Motivating and influencing others (ability to lobby new concepts to relevant parties)
People networking and good, rapid relationship building
High quality of output
Consultative approach to resolution of issues and problems
Able to coach and guide more junior developers
Will be required to work outside normal working hours from time to time which may include weekends
Will be required to be on standby from time to time. How often will depend on the schedule setup
May be required to travel (both local and international) from time to time
Must be able to work in a high stress environment and maintain a positive attitude
Have your own reliable transport
Have your own cellphone
Have a valid driver’s license
Have a clear criminal and credit record