Manager: Cyber Security Operations
Job Description

THE JOB AT A GLANCE

As the Manager: Cyber Security Operations, you are responsible for managing the day-to-day execution of cyber security operations to ensure effective monitoring, detection, response and recovery across the organisation’s technology environment. Your role supports the Head of Cyber Security Operations in maintaining a resilient and intelligence-driven cyber defence capability that is aligned to operational priorities, risk requirements and service expectations.

Your role provides operational leadership over SOC activities, cyber incident response coordination, vulnerability remediation tracking, threat detection improvement and cyber resilience readiness. It ensures that cyber operational controls, processes and technologies are functioning effectively and that threats and incidents are addressed in a timely, controlled and well-documented manner.

Your role also serves as a key operational interface between cyber security operations and other technology and business stakeholders, enabling effective coordination during incidents, remediation programmes, audits and operational initiatives. You are accountable for team supervision, operational reporting, process improvement and continuous enhancement of cyber security operational performance.

What You Will Do

Security Operations Centre (SOC) & SIEM Management
Manage the day-to-day operation of the Security Operations Centre (SOC), ensuring continuous monitoring, alert triage, investigation, and timely escalation
Oversee the effective use of the SIEM platform, including monitoring coverage, use case execution, alert quality, and operational tuning
Support the optimization of detection rules, use cases, and alert correlation to improve visibility and reduce false positives
Ensure SOC procedures, playbooks, escalation paths, and service levels are consistently applied and maintained.

Cyber Incident Management & Response
Manage operational cyber incident response processes, including detection, logging, triage, escalation, containment, eradication, recovery, and closure.
Coordinate cross-functional response activities during cyber incidents, working with IT, Legal, Risk, and business stakeholders as required.
Support the Head of Cybersecurity Operations during major incidents and provide operational leadership during lower to medium severity incidents.
Facilitate post-incident reviews, root cause documentation, and tracking of lessons learned and corrective actions.

Threat Hunting & Adversary Detection
Coordinate proactive threat hunting activities aimed at identifying hidden threats, suspicious behaviour, and advanced attack indicators
Support the use of threat intelligence, behavioural analytics, and internal testing results to improve monitoring and detection effectiveness
Assist with internal penetration testing, purple team exercises, and validation of detection controls
Help refine detection use cases in response to changes in threat landscape, attack trends, and business risk.

Vulnerability & Patch Management
Manage vulnerability scanning schedules, remediation tracking, and reporting across infrastructure, applications, cloud platforms, and endpoints
Work with IT teams to prioritise and remediate vulnerabilities based on risk, exploitability, and business impact
Coordinate patch management follow-up to ensure critical updates are implemented within agreed timelines
Report on vulnerability posture, patch compliance, remediation performance, and areas of material exposure.

Cyber Resilience & Crisis Readiness
Support the planning and execution of cyber resilience activities, including breach simulations, ransomware scenarios, and operational readiness exercises
Coordinate operational preparedness for high-impact security incidents and support enterprise crisis response structures when invoked
Assist in testing and validating operational response capabilities, recovery actions, and communication procedures.

Breach Containment, Recovery & Forensics
Coordinate containment, recovery and restoration activities during cyber incidents to minimise operational disruption
Support forensic evidence handling, investigation coordination and incident documentation in line with policy and legal requirements
Ensure recovery actions are properly tracked, validated and closed out following incidents.

Threat Intelligence Integration
Support the integration of relevant internal and external threat intelligence into cyber operations processes and monitoring activities
Ensure threat intelligence is converted into practical detection improvements, watchlists, and response actions
Maintain operational awareness of current cyber threats relevant to the organisation’s industry and environment.

Operational Reporting & Management Reporting
Produce regular operational and management reports covering cyber incidents, SOC performance, threat activity, vulnerability exposure, remediation progress, and resilience readiness
Track and report key performance and risk indicators such as MTTD, MTTR, dwell time, incident volumes, and remediation status
Escalate material trends, risks, and operational issues to the Head of Cybersecurity Operations with clear analysis and recommendations
Maintain reporting dashboards and management information to support continuous improvement and informed decision-making.

Stakeholder Management & Cross-Functional Coordination
Work closely with IT Operations, Infrastructure, Software Development, Cybersecurity Engineering, IT GRC, Risk, and Legal teams to ensure effective operational coordination
Act as a key operational liaison during incidents, vulnerability remediation, and cyber resilience activities
Support alignment between cybersecurity operations processes and broader technology and business requirements.

Technology & Capability Enablement
Support the implementation, configuration, and optimisation of security operations tooling, including SIEM, SOAR, EDR/XDR, vulnerability management, and threat intelligence platforms
Ensure operational processes take advantage of automation and integration opportunities to improve efficiency and response speed
Contribute to the delivery of cybersecurity roadmap initiatives relevant to operations
Support secure onboarding and operational readiness of new platforms, cloud services, and third-party solutions.

Leadership & Capability Development
Supervise and develop cybersecurity operations staff, including analysts and other operational resources assigned to the function
Manage work allocation, shift coverage or operational schedules, quality of output, and adherence to procedures and SLAs
Provide coaching, mentoring, and on-the-job development to strengthen operational capability and readiness
Promote a culture of accountability, responsiveness, teamwork, and continuous improvement.

What You Will Get In Return

We offer great opportunities for personal and professional development in a stable company that is 132 years strong. The role comes with a competitive salary package and various benefits. Furthermore, you will be part of a dedicated group of colleagues who value teamwork and collaboration.

Turnaround time

The shortlisting process will only start once the advert due date has been reached. The time taken to complete this process will depend on how far you progress within the recruitment process and the availability of our managers. Kindly note that should you not receive a response within 21 days, please consider your application unsuccessful.

Closing date: 4th June 2026

Our Commitment to transformation:

In accordance with the employment equity plan of Rand Mutual Assurance and its employment equity goals and targets, preference may be given, but is not limited, to candidates from under-represented designated groups.

Job Requirements

What You'll Bring To The Table
Bachelor’s degree in Computer Science, Information Technology, Information Systems, Cybersecurity, or related field
Minimum 8 to 10 years’ experience in information security, cybersecurity operations, SOC operations, incident response, or closely related cybersecurity roles
Demonstrated experience in security monitoring, incident response, threat detection, vulnerability management, and operational reporting
Experience in large, complex, or regulated environments
Experience in regulated industries such as insurance, asset management, or financial services will be advantageous
Experience working with IT delivery, infrastructure, cloud, and application teams to support secure and resilient operations
Preferred certifications: CISM, CISSP, CEH, GCIH, GCIA, Security+, ISO 27001, ITIL or equivalent.

Knowledge & Skills:
Security Operations and cyber defence management
Cloud security operations, cloud monitoring, cyber defence management and security controls
SIEM, SOC monitoring, and incident response coordination
Threat detection, threat hunting, and threat intelligence application
Vulnerability management and patch remediation tracking
Cyber resilience and crisis response support
Security operations tooling and automation enablement
Strong analytical and problem-solving capability
Operational and management reporting
Stakeholder coordination and communication
Team supervision, coaching, and mentorship
Working knowledge of regulatory and compliance requirements relevant to cyber operations
Working knowledge of IAM, PAM, Zero Trust, and access governance controls.