Head of IT Security Operations at Discovery Limited

Job Purpose
The Head of IT Security Operations manages the day-to-day operational aspects of the Information Security environment. This involves managing the activities of the information security team to ensure that daily activities associated with providing information security services to the organization are met.
The incumbent is responsible for establishing and enhancing the Discovery Bank’s overall IT security monitoring and operational activities.

Areas of responsibility may include but not limited to

•      The Head of IT Security Operations will take the form of setting up the business units IT security operations, developing Security Operations Centre (SOC) policies and standard operating procedures/ response plans/ playbooks, and developing a team to proactively detect malicious behaviour and enact countermeasures.
•     A key objective for this role will be to lower the information security risk profile of the business unit through establishing capabilities for proactive and continuous monitoring, detection and coordinated responses to common and advanced information security threats.
•     Develops and implements a robust security monitoring strategy by establishing a capability for continuous management of correlated business and technology rules to detect common and advanced information security threats. The strategy would include the collection and reporting of intelligent security operational metrics to management for decision making and providing real-time situational awareness.
•     Oversees and manages daily activities such as user account maintenance, activity report reviews, customer service centre call response etc.
•     Collaborates with business and technology teams, identifies and presents tactical and strategic recommendations on improving the business unit’s information security posture.
•     Manages and maintains security operations in line with the organisation’s Security Policy and Standards and Industry Best Practices.
•     Proactively monitors, assesses and continuously improves the organisation’s security posture by identifying security gaps within the environment and the services provided, making recommendations and taking remedial action.
•     Prepares management information, systems and service security reports.
•     Proactively manages threat detection and vulnerability management services and lead required remedial activities.
•     Reviews all security related activity to ensure service levels.
•     Performs access reviews.
•     Does the Admin Activity Review and logging.
•     Manages all the Threat Management and Incident Handling.
•     Manages and maintains the security incident handling process within the Bank.
•     Performs all Endpoint status review, Health checks for Security Apps and Malware alert reviews.

Personal Attributes and Skills

•     Values driven.
•     Facilitation and conflict resolution capabilities, and builds working relationships. 
•     Problem solving and analytical capabilities. 
•     Excellent written and verbal communication skills, with the ability to convey technical detail in clear and concise manner.
•     Ability to work under time constraints with minimal supervision in an agile environment.
•     Looks for ways to optimise and automate solutions and testing in continuous integration/development and deployment environments.
•     Willingness to both issue and accept challenges to analytical problems.
•     Knowledge of Banking products, processes and systems is an advantage.

Education and Experience

•     At least 7 to 10 years of experience exclusively in an Information Security role with an IT background.
•     Experience in overseeing an information security program in a banking or financial institution is required including solid experience and understanding of the regulatory environment and information security requirements of a financial institution.
•     Diploma or Degree in Information Technology or related IT qualification.
•     Relevant security certifications in information security – e.g. CISSP.
•     Sound knowledge of Information Security controls, concepts, and best practices is required along with a solid understanding of technology and associated security risks.
   

EMPLOYMENT EQUITY   
                             
The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.