Manager - Cyber Security

Cyber Security Manager

Main responsibilities for the roles are:

- Analyse and correlate information security events to identify appropriate event handling actions.

- Assess operational and implementation costs and evaluate them against the potential business impact if the policies and controls are not implemented.

- Assess the effectiveness of the measures against security risk management plan.

- Develop IT security policy and operational procedures based on information collected.

- Develop a documented action plan containing policies, practices and procedures that mitigate the identified risks.

- Document information related to IT security attacks, threats, risks and controls.

- Establish a standard methodology for performing security tests in accordance with security requirements.

- Establish review procedures based on organisation's security risk management plan.

- Evaluate effectiveness of current incident response plan against industry good practices.

- Evaluate response plans periodically to ensure relevance.

- Identify threats and risks that are relevant to organisation's operations and systems.

- Monitor the effectiveness of action plans in addressing information risks.

- Maintain the DevSecOps pipeline and gates from security side.

- Obtain corporate management's endorsement of security policies, standards, and procedures by articulating cost and benefits.

- Perform comparative analysis of security service performance level parameters against security information sources.

- Prepare information security performance report based on results from analysis and correlation of information security events.

- Rate and categorise potential security incidents.

- Recommend suitable enhancements to improve information security performance.

- Review business and security environment to identify existing requirements.

- Review security policies, standards, and procedures by considering the threats identified and other information collected.

- Test incident response plans periodically to ensure response times and executed procedures are acceptable.

- Test Cyber Defence preparedness for the organization