- Johannesburg CBD
- Salary: Market Related
- Job Type: Permanent
- Sectors: Insurance
- Reference: RM-867
Vacancy Details
Employer: Rand Mutual Admin Services
As the Manager: Cyber Security Operations, you are responsible for managing the day-to-day execution of cyber security operations to ensure effective monitoring, detection, response and recovery across the organisation’s technology environment.
Description:
THE JOB AT A GLANCE
As the Manager: Cyber Security Operations, you are responsible for managing the day-to-day execution of cyber security operations to ensure effective monitoring, detection, response and recovery across the organisation’s technology environment. Your role supports the Head of Cyber Security Operations in maintaining a resilient and intelligence-driven cyber defence capability that is aligned to operational priorities, risk requirements and service expectations.
Your role provides operational leadership over SOC activities, cyber incident response coordination, vulnerability remediation tracking, threat detection improvement and cyber resilience readiness. It ensures that cyber operational controls, processes and technologies are functioning effectively and that threats and incidents are addressed in a timely, controlled and well-documented manner.
Your role also serves as a key operational interface between cyber security operations and other technology and business stakeholders, enabling effective coordination during incidents, remediation programmes, audits and operational initiatives. You are accountable for team supervision, operational reporting, process improvement and continuous enhancement of cyber security operational performance.
WHAT YOU WILL DO
Security Operations Centre (SOC) & SIEM Management
- Manage the day-to-day operation of the Security Operations Centre (SOC), ensuring continuous monitoring, alert triage, investigation, and timely escalation
- Oversee the effective use of the SIEM platform, including monitoring coverage, use case execution, alert quality, and operational tuning
- Support the optimization of detection rules, use cases, and alert correlation to improve visibility and reduce false positives
- Ensure SOC procedures, playbooks, escalation paths, and service levels are consistently applied and maintained.
Cyber Incident Management & Response
- Manage operational cyber incident response processes, including detection, logging, triage, escalation, containment, eradication, recovery, and closure.
- Coordinate cross-functional response activities during cyber incidents, working with IT, Legal, Risk, and business stakeholders as required.
- Support the Head of Cybersecurity Operations during major incidents and provide operational leadership during lower to medium severity incidents.
- Facilitate post-incident reviews, root cause documentation, and tracking of lessons learned and corrective actions.
Threat Hunting & Adversary Detection
- Coordinate proactive threat hunting activities aimed at identifying hidden threats, suspicious behaviour, and advanced attack indicators
- Support the use of threat intelligence, behavioural analytics, and internal testing results to improve monitoring and detection effectiveness
- Assist with internal penetration testing, purple team exercises, and validation of detection controls
- Help refine detection use cases in response to changes in threat landscape, attack trends, and business risk.
Vulnerability & Patch Management
- Manage vulnerability scanning schedules, remediation tracking, and reporting across infrastructure, applications, cloud platforms, and endpoints
- Work with IT teams to prioritise and remediate vulnerabilities based on risk, exploitability, and business impact
- Coordinate patch management follow-up to ensure critical updates are implemented within agreed timelines
- Report on vulnerability posture, patch compliance, remediation performance, and areas of material exposure.
Cyber Resilience & Crisis Readiness
- Support the planning and execution of cyber resilience activities, including breach simulations, ransomware scenarios, and operational readiness exercises
- Coordinate operational preparedness for high-impact security incidents and support enterprise crisis response structures when invoked
- Assist in testing and validating operational response capabilities, recovery actions, and communication procedures.
Breach Containment, Recovery & Forensics
- Coordinate containment, recovery and restoration activities during cyber incidents to minimise operational disruption
- Support forensic evidence handling, investigation coordination and incident documentation in line with policy and legal requirements
- Ensure recovery actions are properly tracked, validated and closed out following incidents.
Threat Intelligence Integration
- Support the integration of relevant internal and external threat intelligence into cyber operations processes and monitoring activities
- Ensure threat intelligence is converted into practical detection improvements, watchlists, and response actions
- Maintain operational awareness of current cyber threats relevant to the organisation’s industry and environment.
Operational Reporting & Management Reporting
- Produce regular operational and management reports covering cyber incidents, SOC performance, threat activity, vulnerability exposure, remediation progress, and resilience readiness
- Track and report key performance and risk indicators such as MTTD, MTTR, dwell time, incident volumes, and remediation status
- Escalate material trends, risks, and operational issues to the Head of Cybersecurity Operations with clear analysis and recommendations
- Maintain reporting dashboards and management information to support continuous improvement and informed decision-making.
Stakeholder Management & Cross-Functional Coordination
- Work closely with IT Operations, Infrastructure, Software Development, Cybersecurity Engineering, IT GRC, Risk, and Legal teams to ensure effective operational coordination
- Act as a key operational liaison during incidents, vulnerability remediation, and cyber resilience activities
- Support alignment between cybersecurity operations processes and broader technology and business requirements.
Technology & Capability Enablement
- Support the implementation, configuration, and optimisation of security operations tooling, including SIEM, SOAR, EDR/XDR, vulnerability management, and threat intelligence platforms
- Ensure operational processes take advantage of automation and integration opportunities to improve efficiency and response speed
- Contribute to the delivery of cybersecurity roadmap initiatives relevant to operations
- Support secure onboarding and operational readiness of new platforms, cloud services, and third-party solutions.
Leadership & Capability Development
- Supervise and develop cybersecurity operations staff, including analysts and other operational resources assigned to the function
- Manage work allocation, shift coverage or operational schedules, quality of output, and adherence to procedures and SLAs
- Provide coaching, mentoring, and on-the-job development to strengthen operational capability and readiness
- Promote a culture of accountability, responsiveness, teamwork, and continuous improvement.
WHAT YOU WILL GET IN RETURN
We offer great opportunities for personal and professional development in a stable company that is 132 years strong. The role comes with a competitive salary package and various benefits. Furthermore, you will be part of a dedicated group of colleagues who value teamwork and collaboration.
Turnaround time
The shortlisting process will only start once the advert due date has been reached. The time taken to complete this process will depend on how far you progress within the recruitment process and the availability of our managers. Kindly note that should you not receive a response within 21 days, please consider your application unsuccessful.
Closing date: 4th June 2026
Our Commitment to transformation:
In accordance with the employment equity plan of Rand Mutual Assurance and its employment equity goals and targets, preference may be given, but is not limited, to candidates from under-represented designated groups.
Requirements:
WHAT YOU'LL BRING TO THE TABLE
- Bachelor’s degree in Computer Science, Information Technology, Information Systems, Cybersecurity, or related field
- Minimum 8 to 10 years’ experience in information security, cybersecurity operations, SOC operations, incident response, or closely related cybersecurity roles
- Demonstrated experience in security monitoring, incident response, threat detection, vulnerability management, and operational reporting
- Experience in large, complex, or regulated environments
- Experience in regulated industries such as insurance, asset management, or financial services will be advantageous
- Experience working with IT delivery, infrastructure, cloud, and application teams to support secure and resilient operations
- Preferred certifications: CISM, CISSP, CEH, GCIH, GCIA, Security+, ISO 27001, ITIL or equivalent.
Knowledge & Skills:
- Security Operations and cyber defence management
- Cloud security operations, cloud monitoring, cyber defence management and security controls
- SIEM, SOC monitoring, and incident response coordination
- Threat detection, threat hunting, and threat intelligence application
- Vulnerability management and patch remediation tracking
- Cyber resilience and crisis response support
- Security operations tooling and automation enablement
- Strong analytical and problem-solving capability
- Operational and management reporting
- Stakeholder coordination and communication
- Team supervision, coaching, and mentorship
- Working knowledge of regulatory and compliance requirements relevant to cyber operations
- Working knowledge of IAM, PAM, Zero Trust, and access governance controls.
About Rand Mutual Admin Services
Established in 1894, RMA has more than 120 years’ experience in administering claims for occupational injuries and diseases according to the Compensation for Occupational Injuries and Diseases Act (COIDA). RMA is passionate about caring for the lives of its claimants and their families. It embodies its slogan of Caring, Compassionate Compensation at every level of the organisation, from its empathetic staff to embracing good corporate citizenship. RMA’s value lies not only in its compassionate approach, but in the excellent systems and processes it has in place to ensure timeous and efficient payment of valid claims. RMA has the licence to administer COID claims for both Class IV (Mining) and Class XIII (Iron, steel, artificial limbs, galvanising, garage, metals and related industries).
RMA’s high level of service and quick claims processing turnaround time is underpinned by a market-leading integrated claims management IT system that allows for paperless adjudication of claims, placing it as the market leader in the workmen's compensation industry.