Head of Cyber Security Operations
Job Ref: 244876
Job Type: Permanent
Employer Type: Company
Date Added: 21 Jan 2015
Expiry Date: 18 Feb 2015
* There have been 16 applications to this job.
* This job has been viewed 4411 times.
Employer: Absa Group 1
Location: Gauteng
Salary: Market related
Benefits:
Role details:
Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards.
Understand and manage risks and risk events (incidents) relevant to the role.
- - - - - - - - - - - - - -
Overall Job Purpose: The overall purpose of the Head of Cyber Security Operations role is to build and run a function that provides:
Identification of current and potential cyber security threats to the Barclays Africa Group (Cyber intelligence);
High level incident response services during a cyber-security incident (CSIRT); and
Security Information and Event Management services for Africa (SIEM) integrated with the global Barclays competency.
Accountability: Cyber Intelligence
Define, build and manage processes around the collection of cyber intelligence from internal and external sources, targeting the audiences that need to act on the intelligence and keeping track that intelligence has been acted on.
Maintain distribution lists detailing which areas need to receive what pieces of intelligence to most effectively implement preventative measures.
Identify and incorporate new sources of intelligence in the function, and retire old sources when no longer useful, such that intelligence is relevant to the African operation.
Maintain relationships within the banking industry in South Africa, Africa, and the rest of the world.
Make optimal use of intelligence shared by industry bodies such as the SABRIC CSIRT.
Act as BAGL's cyber security operations representative on local and international industry forums such as SABRIC in South Africa.
Accountability: CSIRT
Define, build, exercise and manage processes, integrated with Barclays group processes, to coordinate activity when an information security incident is detected.
Identify key stakeholders in all relevant areas of the group that need to act in an information security incident. Provide relevant training and instruction to the actors on what is expected of them during an incident.
Define communications plans detailing how communications will be handled during an information security incident and ensure stakeholders are familiar with the plan and related expectations.
Play a key coordination role during cyber security incidents managing the security operations team activities locally and abroad, and interfacing with technology incident functions such as Major Incident Management, technology infrastructure divisions and vendors to contain the incident.
Oversee and track the remediation of identified vulnerabilities across the Africa group.
Work with the BCM function to conduct exercises to test the readiness of BAGL to react to various types of information security incidents.
Represent information security on internal and external forums to achieve the overall goal of reducing and preventing eCrime and fraud.
Accountability: SIEM
Define, build, and manage processes, integrated with Barclays group processes, to effectively monitor the Barclays Africa network and systems for cyber security events.
Optimise use of the existing toolsets, be innovative in identifying new and better methods to analyse data and identify anomalies that could indicate a security event, and suggest new toolsets.
Build in-house capabilities to perform investigations on suspected attack vectors such as malware, key-logging, hacking tools on the network, etc.
Build relationships with threat mitigation vendors such as the group's denial of service prevention provider. Understand and communicate processes to contact and invoke emergency procedures.
Accountability: Risk and Control
Maintain Security Operations’ portion of the Information Security Risk and Controls register and update controls operated as operations evolve.
Identify new or better controls and implement as required.
Take responsibility for delivering relevant Sarbanes-Oxley controls and ensure year-round effectiveness of delivery.
Ensure that all appropriate regulatory controls are performed in compliance with requirements and that an auditable evidence trail is maintained to prove compliance.
Ensure that all dependencies on other teams are clearly articulated and managed to ensure overall regulatory compliance for operational activities.
Ensure that areas of non-compliance are identified and an aggressive action plan is initiated to deliver compliance.
Maintain an effective working relationship with Barclays Internal Audit and the group’s external audit providers.
Meet deadlines agreed to in the various control improvement programs of the group (control issues) and deadlines of actions agreed in audit issues.
Accountability: People and function management
Define and manage resource requirements to effectively run a cyber-security operations function for BAGL, taking into account global competency and local demand.
Conduct performance and development management activities in line with BAGL HR requirements and guidelines.
Ensure that all team members are appropriately trained, developed and motivated.
Develop processes and supporting technology tool sets that are consistent, truly global and meet the requirements of all customers.
Increase automation for all operational processes.
Conduct regular reporting as required by senior management. Reports may include measurements against key performance indicators, post incident reviews and root cause analysis, etc.
Present reports and operational matters at senior management and executive forums.
Education and Experience Required:
B-degree in a technology related field (NQF level no. 6). Postgrad degree preferred.
CISM, CISSP or equivalent qualifications preferred
10 years’ experience in a technology environment with at least 5 years focussed on information security.
Proven experience managing people
Proven experience in SOC, SIEM and CSIRT type functions
Knowledge & Skills: (Maximum of 6):
IT infrastructure and interoperation (major operating systems, database systems, middleware and networks)
Understanding of Attack Monitoring technologies and capabilities
Understanding of Incident Response procedures, with technical ability to ‘take control and co-ordinate’ major security incidents.
Deep knowledge of Intelligence, Incident response, Attack Monitoring operations, process management, ITIL disciplines
Broad and proven experience of a broad spectrum of security disciplines required.
Competencies: (Maximum of 8 competencies)
• Deciding and initiating action
• Learning and researching
• Entrepreneurial and commercial thinking
• Relating and networking
• Adapting and responding to change
• Persuading and influencing
• Creating and innovating