Cyber Operations Manager (Western Cape) at Flash Group

Description

RESPONSIBILITIES:

• Lead and manage the 24/7 technology and information security monitoring function, ensuring continuous coverage of Flash systems across all shifts through effective scheduling, workload distribution, and contingency planning.
• Act as the primary escalation authority for complex, high-severity, or time-critical fraud cases and system incidents, driving timely resolution and coordinating cross-functional responses where required.
• Oversee the quality, accuracy, and timeliness of all incident logging, case management records, and shift handover documentation produced by the team.
• Monitor and report on team performance against defined SLAs, KPIs, and quality standards, identifying trends and implementing corrective or developmental actions as needed.
• Develop, maintain, and enforce standard operating procedures, escalation protocols, and runbooks to ensure consistency, compliance, and operational resilience across all monitoring activities.
• Manage team members through the full people management lifecycle, including performance reviews, coaching, development planning, and addressing conduct or capability concerns in line with HR policy.
• Produce data-driven management reports, threat trend analyses, and operational performance dashboards for senior leadership, translating complex technical findings into actional business intelligence.
• Collaborate with information security, fraud, technology, compliance, and risk teams to align monitoring strategy with the organisation’s security posture, risk appetite, and regulatory obligations.
• Identify and champion continuous improvement initiatives to enhance detection accuracy, reduce false-positive rates, and improve overall operational efficiency.
• Drive a culture of technical excellence and continuous learning within the team, including facilitating threat-hunting exercises, knowledge-sharing sessions, and exposure to emerging data and tooling.

Requirements

MINIMUM REQUIREMENTS:

• A diploma or degree in Information Technology, Computer Science, Finance, Business Management, or a related field.
• A postgraduate qualification or management diploma is advantageous.
• Certifications in fraud management (e.g. CFE - Certified Fraud Examiner), cybersecurity (e.g. CompTIA Security+), or IT service management (e.g. ITIL Foundation) are advantageous.
• 5 - 8 years' experience in a cybersecurity operations, fraud analytics, operations centre, or critical systems monitoring environment (required), with at least 1 - 2 years in a formal supervisory or team lead capacity.
• Prior experience within a financial services or payments environment.

REQUIRED KNOWLEDGE / TECHNICAL SKILLS:

• Sound knowledge of detection methodologies, alert triage frameworks, and escalation protocols in a real-time monitoring environment.
• Demonstrated ability to lead, schedule, and performance-manage shift-based operational teams.
• Proficiency in incident and case management tools.
• Strong working knowledge of payment systems and transaction processing (e.g. EFT, card schemes, real-time payments).
• Ability to produce operational reports, shift performance summaries, and management information for senior stakeholders.
• Hands-on experience with Flash or comparable payment processing platforms is advantageous.
• Exposure to monitoring or analytics tools is advantageous.
• Familiarity with cloud-native security tooling.
• Working knowledge of AML, or relevant South African financial regulatory frameworks (e.g. SARB, POPIA) is advantageous.
• Experience authoring or maintaining SOPs, runbooks, and operational process documentation is advantageous.
• Experience in red team / blue team exercises, penetration testing frameworks, or threat modelling methodologies is advantageous.

COMPETENCIES / ATTRIBUTES:

• Leadership & people development - coaches, motivates, and grows a team across rotating shifts, building a high-performance monitoring culture and addressing performance gaps proactively.
• Decision-making under pressure - exercises sound, timely judgement during high-severity cyber, fraud or system incidents, often with incomplete information and under time constraints.
• Analytical thinking - interprets alert patterns, incident data, and team performance metrics to identify systemic risks and improvement opportunities.
• Strategic analytical thinking – synthesis security telemetry, fraud data, and operational metrics to identify systemic risks, detection gaps, and strategic improvement priories beyond the immediate incident.
• Effective communication - conveys complex operational and cyber or fraud-related information clearly to the team, senior management, and cross-functional stakeholders, both verbally and in written reports.
• Accountability & ownership - holds end-to-end accountability for shift operations, SLA adherence, and team compliance with protocols.
• Planning & organising - manages shift rosters, workload allocation, and operational priorities to sustain 24/7 monitoring coverage without gaps.
• Stakeholder engagement - builds effective working relationships with information security, fraud, technology, compliance, risk, and business teams to align monitoring activities with broader organisational goals.
• Continuous improvement - proactively identifies process gaps, false-positive trends, and tooling limitations, and drives enhancements to improve detection effectiveness and team efficiency.