Senior Cyber Security Manager

Department: Enabling : IT

Location: South Africa - Cape Town

Description

About Anthesis

Anthesis is the sustainability activator. Proud to be a B Corp, we seek to make a significant contribution to a world which is more resilient and productive. We do this by working with cities, corporates, investors and other organisations to drive sustainable performance. We develop financially driven sustainability strategies, underpinned by technical expertise and delivered by innovative collaborative teams across the world.

At Anthesis Group, we are truly committed to putting people and our planet at the heart of all we do.

Summary Of Role

Summary of Role & Key Responsibilities

Anthesis requires a Senior Cyber Security Manager to safeguard our computer systems, and data against security breaches, cyber-attacks, and information threats. This role involves developing and implementing strategies, policies, procedures, and best practices to ensure the security of digital assets, in addition to hands-on implementation, improvement, and remediation work.

Key Responsibilities

• Develop and enhance a comprehensive cybersecurity strategy and plan for the organisation
• Develop and enforce cyber/information security policies, standards, and procedures to ensure compliance with relevant laws, regulations, and industry standards (e.g. GDPR)
• Identify, assess, and mitigate cybersecurity risks within the organisation, including conducting risk assessments and vulnerability assessments.
• Maintain accurate records and documentation related to cybersecurity policies, incidents, and security configurations.
• Collaborate with other departments and stakeholders to ensure cybersecurity considerations are integrated into all aspects of the organisation's operations.
• Collaborate with IT and development teams to design and implement secure systems and applications.
• Contribute to the development of Crisis Management and Business Continuity plans, and Business Impact Assessments Security audits
• Provide responses for cyber security-related/third party risk management questions from clients, potential clients, internal stakeholders, RFPs, etc.
• Define and implement improvements to the delivery of inbound TPRM requests through the use of catalogues, databases, and/or AI.
• Gather responses cyber security-related/third party risk management questions from suppliers and potential suppliers for internal projects & tech approval requests.
• Lead and coordinate security audits, assessments, and penetration testing to identify weaknesses and recommend improvements, implementing these personally or delegating where appropriate.
• Define and report relevant security metrics against established frameworks to measure performance over time
• Participating in ISO audits and preparing controls, (specifically with Stage 2 in mind for RouteZero) Operations & incidents
• Develop and maintain an incident response plan and lead the response to cybersecurity incidents, including breach investigations, containment, and remediation.
• Be prepared to lead and coordinate the organisation's response during a cybersecurity crisis or emergency.
• Evaluate and manage relationships with cybersecurity vendors and service providers to ensure the organisation has access to the most effective security solutions.
• Oversee the management and maintenance of cybersecurity platforms and tools, such as firewalls, intrusion detection/prevention systems, SIEM (Security Information and Event Management) systems, antivirus software, and other security technologies.
• Promote cybersecurity awareness and best practices among employees and other stakeholders through training and awareness programs.
  
  

Key Requirements, Skills Knowledge & Expertise

• Degree or equivalent qualification in relevant fields
• Relevant security certifications – CISSP, CISM etc.
• Strong understanding of defensive security techniques, technologies, and strategy.
• Strong experience in logging and monitoring technologies (particularly for Cloud-based environments).
• Theoretical and practical experience of incident response governance (lifecycles, frameworks, incident handling, etc.) in a fast-paced environment.
• Experience in developing incident response playbooks/processes and ensuring they’re tested and formalised with different stakeholder audiences.
• Knowledge of compliance & regulatory frameworks – ISO 27001, PCI DSS, GDPR, etc.
• Experience with cloud-based environments (AWS, Azure etc.)
• A track record of supporting multiple projects simultaneously.
• The ability to communicate with both technical and non-technical audiences
• Great interpersonal skills with experience in collaborating with colleagues across all seniority levels.
  
  

Benefits

Your Benefits

You will be part of the South African branch of Anthesis. You will have the opportunity to put the company on the map and play a major role in this. We offer a competitive salary, medical aid and public transport allowance, subsidised meals, life insurance and disability cover. In addition, up to 23 days of vacation and opportunities to develop yourself further.

We work from the trendy Kloof Street in Cape Town; the buzzy area of Rosebank in Johannesburg and the laid-back vibe of Ballito near Durban. All our three offices in South Africa are situated at Workshop17 - the address for innovative and cutting-edge companies. Easy to reach, great coffee, and an ideal place to meet people.