Responsible for leading, coaching, supporting, and providing guidance and oversight to a team of Ops specialists to effectively resolve day to day operationsal security tasks and incidents. Act as Escalation point for specialists as a Level 2. Incident Response Specialist /SOC /L2 Breach and response as lead member. Provide direction, plan, oversee execute, analyse and measure, and report on various cyber security operations functions. Ensure centralised and dedicated cyber security technologies and operations functions operate at the right level of maturity, are effective and optimised. Ensure operations functions adequately support TIHs information & cyber security outcomes. Ensure operations functions produce relevant measurements and metrics to support TIHs cyber & information security decisions. Ensure operations functions continue to mature and adequately adapt to the changing threat landscape.
Responsibilities
Information Security
Define business impact of security incidents and identify and drive recommendations for change to prevent similar incidents. Ensure, through appropriate planning, execution, oversight of implementation and management of centralised and dedicated operations, TIH is able to appropriately identify, protect, detect, respond and recover to information & cyber security threats. Where possible, play the role of a lead-in to further enhancing and optimising said lifecycle. Ensure effective Threat Hunting and Threat Intelligence is performed. Conduct penetration testing/offensive security procedures as required.
Operations Management
Supervise others working within established operational systems. Participate and take ownership during information & cyber security incident response activities, and specifically as it pertains to cyber security operations. Act as Incident Response Specialist /SOC /L2 Breach and Response as lead member. Escalation point for specialists as a Level 2. Oversee and perform Identity and Access Management and Privileged access Management tasks.
Risk Management & Analysis
Develop and/or deliver a contingency plan for significant aspects of the risk management and/or control process. Maintain visibility of emerging information & cyber security threats and trends, and adjust operations activities to best defend against such threats.
Operational Compliance
Monitor and review performance and behaviors within area of responsibility to identify and resolve non-compliance with the organisation's policies and relevant regulatory codes and codes of conduct. Take ownership of and optimise operation of dedicated and centralised cyber security technologies. This includes establishing relevant, operating procedures and other mechanisms to ensure consistent execution and quality outcomes.
Insights and Reporting
Contribute to the design and creation of reporting strategies and templates. Lead execution of complex reports, identifying and interpreting complex patterns and trends, and translating those insights into actionable recommendations. Provide input on cyber security operations metrics and indicators. Report on key cyber security operations metrics and indicators to management and colleagues.
Stakeholder Engagement
Develop stakeholder engagement through identifying stakeholders, finding out their needs/issues/concerns and reacting to these to support the communication of business information and decisions. Build and maintain relationships with teams and areas within TIH towards ensuring collaboration and overall successful functioning of cyber security operations across the organisation. Collaborate with the Enterprise Architecture function around strategic cyber security technology selection and investment, or technologies with an impact on cyber security.
Operational Procedure Development
Draft policies, procedures, and related guidelines within an area of expertise to meet defined key principles and ensure compliance with external requirements. Take ownership of and drive maturity of operational technologies, associated workflows and procedures across a variety of areas such as Internet and dark web cyber threat exposure, network and communications security, endpoint security, identity & access management, application security for proactive and reactive technology protections, vulnerability management and incident response and forensics.
Cyber Security Project and Program Governance
Clarify roles and responsibilities within the project team and ensure project compliance with the organisation's wider program and/or portfolio management decision-making structures and processes. Participate and positively contribute to governance forums, committees or groups within TIH.
Personal Capability Building
Act as subject matter expert in an area of technology, policy, regulation, or operational management for the team. Maintain external accreditations and in[1]depth understanding of current and emerging external regulation and industry best practices through continuing professional development, attending conferences, and reading specialist media. Maintain and renew understanding of the information security operations landscape, both current and as it continues to evolve.
Building Capability
Implement the formal development framework for a team, with guidance from senior colleagues. Provide informal coaching to others throughout the organisation in area of expertise.
Continuous Improvement
Review existing operations in a major area of work and implement innovation processes to generate new ideas and ensure the required continuous improvement outcomes are delivered. Implement improvements and continuously mature cyber security operations activities.
Unlock your greatness & be unstoppable
GENERAL EDUCATION
Grade 12/ SAQA Accredited Equivalent (Essential)
Relevant industry certifications, such as Security+ ,CEH, MSCE, MCSA or equivalent (Essential)
University degree in an information technology or related domain (Advantageous)
Relevant Industry certification; OSCP or alternative in offensive or defensive security certifications (Advantageous)
Relevant system / IT engineering certifications in on prem or cloud environments (Advantageous)
General Experience
3 - 5 years' experience in information / cyber security (Essential)
Strong experience and understanding Cyber Security frameworks and applying it (Essential)
Experience In Security Operations (Essential)
Exposure and/or experience in Security Architecture (Advantageous)
Experience in Threat Hunting and Threat Intelligence (Advantageous)
- SAQA Accredited Equivalent - It is the onus of the applicant to provide TIH and its subsidiaries with certified evidence that their qualification(s) meet the equivalent NQF level required for this role at time of application. As a registered Financial Service Provider, we are mandated to ensure that all our representatives are and remain fit and proper at all times. By applying for this role, you consent to having your relevant qualification and or accreditation or confirm that you are Kubernetes working towards meeting the competency requirements. You further consent to the relevant information being verified.
