Reporting to Head of IT, the successful candidate will be responsible for the following:

Main Responsibilities:

Security Strategy Development

• Conducting ongoing analysis of the threat landscape, including emerging threats, vulnerabilities, and industry trends. Adapting security strategies to address identified risks effectively.
• Implementing and maintaining a security framework (e.g., NIST Cybersecurity Framework) to guide the organization’s cybersecurity initiatives and ensure alignment with best practices.
• Reviewing the compliance of integrating security tools and processes into the DevOps pipelines and the adherence to security requirements for low code platforms.

Incident Response and Operations

• Overseeing real-time monitoring of security incidents, ensuring the incident response team can react swiftly to emerging threats.
• Leading the incident response team in developing and maintaining an incident response plan, ensuring readiness to respond to security breaches.
• Coordinating post-incident investigations to determine root causes and implement lessons learned to prevent recurrence.
• Performing vulnerability assessments and patching exercises.
• Maintaining secure score standards in accordance with company standards.

Vendor Management

• Conducting security assessments of third-party vendors to evaluate their security posture and compliance with organisational standards.
• Establishing ongoing monitoring processes for vendor compliance, including regular security audits and performance reviews.
• Developing protocols for coordinating incident response with vendors, ensuring clear communication and collaboration during security events involving third-party services.

Cyber Awareness and Training Programs

• Conducting phishing simulations and other practical exercises to assess employee awareness and readiness against common threats.
• Coordinating and leading the annual tabletop exercise.
• Any other related tasks required to support the Team.

Requirements:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; a Master’s degree is preferred.
• Minimum of 10 years of experience in cybersecurity, preferably within the banking or financial services sector.
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and relevant regulatory requirements.
• Proficiency in a variety of security tools and technologies (e.g., firewalls, intrusion detection systems, SIEM, endpoint protection).
• Familiarity with data management practices, cybersecurity measures, and compliance requirements relevant to application development.
• Experience with cloud security, DevSecOps, and emerging technologies (e.g., IoT, AI) is highly desirable.
• Relevant certifications (e.g., CISSP, CISM, CEH, CompTIA Security+) are highly desirable.
• Strong analytical and creative problem-solving skills.
• Organized and detail oriented with the ability to manage multiple tasks.
• Other IT related duties as assigned by HOD and reporting manager.