Manager - Cyber Security at Commonwealth Bank

Job description

The Role

This role reports to the CIO of CBSA with a matrix reporting line to the General Manager Cyber Security, APAC & Africa. The position will be actively involved in remediation activities for a large cyber security program and secure delivery of banking over the coming 12 months. The role will also be directly responsible for enabling the implementation of IT security controls commensurate with the risk appetite of the business.

This role also engages directly with country risk teams, regional Cyber security and technology risk, country Heads of Technology, and other key business stakeholders.

Security Manager is a key position tasked with embedding mandatory security and risk controls into the South Africa businesses. Managing all design and delivery aspects of cyber security, this role will leverage the regional team located in Hong Kong, the Group teams to enable the business strategy, the South Africa technology risk team, and be country lead and subject matter expert for the delivery of security controls for the South Africa business.

This position is based in Rosebank with a requirement to travel to centurion. The role is part of the regional cyber security team. Whilst working with the regional team, this role is responsible for the successful coordination and outcomes of security control delivery, mitigation of technology and cyber risks, data and information security and cyber security threat management for all CBA's operations in South Africa.

The role will need to help deliver and uplift the new digital bank, establish operational processes, plan and coordinate all security activities, understand technical and people challenges across South Africa, and lead the IT security capability. This is a key role for the Digital Protection Group (DPG) International team, and success will be the delivery of secure banking services in the country.

Key Responsibilities:

• Support the management of all digital security & technology risks within the Bank
• Work with the in country and regional Technology Risk teams
• Provide input to planning and delivery of non-negotiable security controls to all business units and their impact in the run of the bank processes
• Provide leadership and strategic direction for Cyber and Information Security capability, ranging from planning and development, and the collaboration with all stakeholders in DPG
• Responsible for embedding security control delivery into the agile SDLC methodology
• Determine and develop process for collecting meaningful metrics and reporting to align with regulatory requirements and governance frameworks across the region
• Working with the Technology Risk teams in South Africa and APAC to develop a common and consistent measurement of threat and risk
• Work to treat control gaps and remedial actions related to technology security incidents ensuring the adoption or development of relevant security services
• Representative for local security governance structures and processes
• Stay current with incident response, digital forensics methodology, the associated legal requirements and threats
• Identify security controls required for new digital banking platforms, including blockchain technology, digital banking, and associated SARB regulatory requirements
• Inspire, mentor and motivate country Technology staff to attain goals and pursue excellence in security capability
• Plan for and support the establishment of new security services in-line with changing threat profiles and organisational context

Experience and qualifications:

Your experience is ideally supported by the following:

• Strong technical knowledge of systems, networks, and security controls
• Outstanding communication skills both written and oral
• Outstanding influencing skills and organisational skills
• Ability to drive and manage own workload and operate within defined deadlines
• Seasoned understanding of Technology risk management principles and knowledge of Operational Risk and Compliance frameworks
• Inquisitive approach/ attention to detail
• Strong analytical and problem solving skills to develop acceptable solutions for the business
• Tertiary qualification in a relevant discipline will be preferred
• CISSP and/or CISA qualification desired
• 10+ years' experience in senior security roles
• Significant technical knowledge of platform and network infrastructure, cyber security, and technology risk
• Experience in large transformational change
• Demonstrated experience in working in large Banking & Finance projects
• Experience in core banking, mobile and digital banking transformation
• Practical experience in managing stakeholders to effect change, including strong influencing skills
• Hands on experience with deploying security controls
• Understanding of Agile development methodology
• Detailed understanding of SARB regulatory requirements in South Africa

Personal Competencies:

• Able to work within a fluid environment, reacting to events and juggling multiple work streams and priorities;
• Able to work as part of a team while proactively and independently delivering;
• Able to work to deadlines;
• Personal accountability;
• Can deal with ambiguity/change;
• Can function under pressure and maintain a positive attitude;
• You have a can do attitude and a strong work ethic to prove it;
• Have good problem solving skills (analysis of options and impact assessment)
• Good initiative, high energy level, self-starter and self-management ability (requires moderate supervision levels only)
• Must be a team player and work for the good of the team
• Able to interact with end users and up to middle management level of a business
• Inter personal communications skills and presentation skills
• Lateral thinking (willing to change and accept new ideas / concepts)
• Analytical thinking & decision making ability in a complex environment
• Good problem solving skills (analysis of options and impact assessment)