Senior Manager: Information and Cyber Security Intelligence (2743) at The South African National Roads Agency (SANRAL)

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology.
• Advanced certifications such as CISSP or equivalent.
• 10 years min relevant experience.
• 5 years managerial experience.

KEY RESPONSIBILITIES:

Management:

• Lead complex projects in a matrixed, multi-stakeholder environment.
• Vendor and contract security negotiations.
• Project and resource management.
• Report writing and dashboard presentation.
• Ability to provide input in the development of the cyber security strategies, aligned with organizational goals.
• Manage and develop subordinates.
• Performance management.
• Training and development.
• Employee relations.
• Recruitment.
• Leave management.
• Strong knowledge and implementation of security frameworks (e.g. NIST, ISO/IEC 27001).
• Knowledge of legal, regulatory, and privacy requirements.
• Strong knowledge and experience with defining and implementing ICT security controls.
• Provide guidance to and monitor the IT security operations teams regarding patching and antivirus practices, particularly the response to zero-day threats.
• Develop security policies, procedures, processes and frameworks following industry trends.

Reporting:

• Prepare detailed information and cyber security operations reports and presentations for SANRAL’s senior management.

Micro Planning Cycle:

• Information and Cybersecurity Program Management & Project Planning (Quarterly/Monthly): Break down SANRAL’s strategic initiatives into actionable projects and manage their execution.
• Operational Security Management (Daily/Weekly): Oversee the day-to-day operations of security functions (e.g. Security Operations Center (SOC).
• Oversight: Ensure effective threat monitoring, detection, and alerting. Review SOC performance metrics).
• Threat & Vulnerability Management (Continuous/Weekly): Proactively identify and address emerging cyber security threats and vulnerabilities.
• Compliance & Audit Management (Quarterly/Ad-hoc): Ensure ongoing adherence to regulatory requirements and internal policies, and prepare for audits.

Macro Planning:

• Organisational & Business Context Alignment (Annual) – Understand SANRAL’s business strategy, critical assets, digital transformation initiatives, and risk tolerance to ensure security efforts support organizational goals.
• Threat Landscape Assessment – Conduct annual threat assessments to understand the global, regional (including specific threats relevant to South Africa/Africa), and industry-specific threat landscape.
• Cyber Security Threat Management Gap Analysis - Identify the most significant cyber risks to the organization based on the threat landscape and current security posture.