SENIOR MANAGER, CYBER SECOPS | GRC

This role involves developing and promoting control standards and guidelines, supporting stakeholders in managing cyber risks across their lifecycle, and implementing meaningful risk metrics and reporting for senior leadership. The position also provides advisory support to both business and technology teams on control design, risk mitigation, and exception handling.

From a technology standpoint, the role oversees the organisation's security infrastructure, ensuring reliability, performance, and continuous improvement. It includes evaluating and introducing new security tools, as well as working closely with internal teams to implement and integrate solutions effectively. A strong emphasis is placed on maintaining a resilient and well-architected security environment.

Operationally, the role leads security monitoring, incident response, and threat intelligence efforts. It ensures continuous surveillance of systems, effective detection and analysis of threats, and coordinated response to incidents, including root cause analysis and improvement of response processes. Additionally, it manages third-party security operations by defining expectations, monitoring performance, and ensuring compliance, while maintaining strong communication and continuous improvement practices.

The ideal candidate holds a degree in Information Security, IT, Computer Science, or a related field, with a minimum of 5 years of hands-on experience in cybersecurity operations. Relevant professional certifications (e.g., CISA, CISSP, CISM, CRISC, or GIAC) are advantageous, alongside strong familiarity with established security standards such as ISO 27001 and NIST. The role requires a solid understanding of IT governance, project management methodologies, and applicable cybersecurity regulations, including local data protection and cybersecurity laws. Candidates should be well-versed in frameworks like MITRE ATT&CK and D3FEND, and possess practical expertise across a range of security technologies, including firewalls, IDS/IPS, EDR, IAM, PAM, SIEM, WAF, and PKI. Experience operating within regulated environments, particularly in highly controlled sectors, is considered a plus.