Senior Manager: Cyber Security - Sandton at Blue Label Telecoms

JOB PURPOSE

Partners at all levels of the organization to develop strategies, implement, and execute group organization cybersecurity policies that reduce risks and mitigate consequences of cyberattacks and fraudulent activities.

RESPONSIBILITIES

Team Management

• Manage and lead the team to achieve individual, departmental and organizational goals
• Communicating goals to the team and showing how individual tasks and responsibilities fit into departmental and organizational goals
• Organize work to ensure that team members know what is expected of them and assigning tasks
• Allocating and managing resources, Cyber and Networking resources across business
• Leading the entire Cyber Security and network teams to ensure departmental objectives aligns to broader group strategies
• Ensuring team members are occasionally trained on cyber and network trends to keep abreast with the market
• Engage and collaborate with various Senior managements across business to ensure Cyber and networking environments are understood
• Encourage collaboration of team members with business, customers, support teams, POS Partners, and other stakeholders

Strategy Formation and Implementation

• Develop the strategy for a significant area of responsibility such as a function, anticipating complex issues, challenges, and opportunities. Ensure the strategy is successfully implemented and meets medium-term business needs
• Lead the development and implementation of strategy for the Cyber Security and Networking environment to address key responsibility, anticipating complex issues, challenges, and opportunities, and ensuring integration with wider corporate strategy

Technical Security Management

• Security Policies: Develop, update, and enforce security policies, standards, and procedures for the organization, ensuring compliance with industry regulations and best practices
• Security Infrastructure Setup: Design, implement, and maintain security infrastructure, including firewalls, intrusion detection/prevention systems, VPNs, and access control systems
• Vulnerability Assessment: Conduct regular vulnerability assessments and penetration testing to identify weaknesses in the organization's systems and networks
• Incident Response:Develop and maintain an incident response plan to address security breaches and incidents effectively. This may involve leading or participating in incident response efforts
• Information Security Management System: Operate, monitor and maintain an information security management system in compliance with the ISO27001:2022 requirements. Ensure effective security controls to pass surveillance audits
• Lead the selection, implementation and operation of cyber security services and solutions
• Monitoring and Detection: Set up and manage security monitoring and detection systems to identify suspicious activities and potential threats. Respond to alerts promptly
• Security Patch Management: Keep systems and software up-to-date by applying security patches and updates in a timely manner to mitigate known vulnerabilities
• Security Architecture Review: Review and assess the security of existing and new systems, applications, and architectures to identify and address potential security weaknesses
• Security Performance: Recommend suitable enhancements to improve information security performance
• Network Security: Monitor and manage network security, including perimeter security devices, network segmentation, and traffic filtering
• Security Auditing and Compliance: Conduct regular security audits and assessments to ensure compliance with industry standards (e.g., ISO 27001, NIST, CIS) and regulatory requirements (e.g., POPIA)
• Security Documentation: Maintain comprehensive documentation of security policies, procedures, configurations, and incident response plans
• Security Testing: Perform security testing and evaluation of software and hardware products to identify and mitigate potential vulnerabilities
• Security Awareness and Training: Conduct security awareness training programs for employees to ensure they are aware of best practices and potential threats
• Security Incident Investigation: Investigate security incidents, analyze root causes, and recommend improvements to prevent future occurrences
• Security Reporting: Prepare and present security reports to management and stakeholders, summarizing the organization's security posture and recommending improvements
• Security Research: Continuously research and evaluate new security technologies, tools, and methodologies to enhance the organization's security posture

Budgeting, Policies and Procedures Development

• Take responsibility for setting and managing area budgets so they align with organizational strategy
• Lead the development of policies, procedures, and related guidelines for a significant area of responsibility, ensuring compliance with external requirements and integration with the broader corporate policy framework

Internal Client Relationship Management

• Lead the development of partnering relationships with senior executives throughout the organization building high levels of professional credibility and mutual trust, and ensuring that internal clients have access to high-quality advice and guidance to support in delivering business strategy and plans

Business Planning

• Develop and gain agreement to annual business plans for a function or substantial business area, ensuring alignment with strategy; quantify business outcomes (i.e. revenues or other key performance indicators); detail expense and headcount budgets; and develop business cases for key projects, ensuring cross-functional integration. Demonstrate flexibility in balancing achievement of own objectives with abilities to understand and respond to organizational requirements
• Demonstrate good organizational skills, planning, prioritizing and execution
• Demonstrate good time management, essential for good self-management
• Demonstrate good goal setting skills in maintaining productivity
• Demonstrate good self-motivation to ensure progress on projects and activities

Requirements:

BEHAVIOURAL COMPETENCIES

• Assertive
• Analytical
• Flexible
• Confidence 
• Honest and Fair
• Positive Attitude     
• Courage    
• Tenacity     
• Achieves Results 
• Tech Savvy
• Customer focused
• Evaluating problems
• Investigate issues
• Information seeking
• Instils Trust
• Plans and Aligns

EDUCATION

• Matric
• Tertiary qualification in Information Technology 

EXPERIENCE

• Minimum 8+ years of related experience in Cyber Security and Networks preferred. 3 years of these should be at a management level
• Information Security certifications: ISO 27001, CISSP, Security + CISM, CEH, CRISC are preferred
• Strong Microsoft Office productivity tools knowledge (Excel, Word, PowerPoint, Outlook)
• Knowledge and training on agile methodologies (SAFe, Scrum, DSDM, Kanban etc.)