(1089) Senior Cyber Security Incident Responder - BSTD
Pretoria, South Africa
South African Reserve Bank
Brief description
The main purpose of this position is to manage the incident response life cycle, including liaising with stakeholders, preparing for, coordinating and providing team leadership for cybersecurity incident response teams (CSIRTs), and ensuring appropriate cybersecurity incident responses to minimise the impact of malicious events or breaches.
Detailed description
The successful candidate will be responsible for the following key performance areas:
- Contribute to the development of incident response documentation, including terms of reference and operating procedures.
- Define and improve the CSIRT operations and coordinate activities, including communications to external parties in the event of severe incidents.
- Refine and continually improve cybersecurity incident management plans, tools, methods and processes.
- Plan and organise cyber incident simulations and desktop exercises.
- Effectively coordinate the response to security breaches and lead the investigation and containment of the incident by sourcing and interpreting advanced information and executing operational countermeasures, including making technical configuration changes.
- Conduct post-incident root cause analyses and contribute to the improvement of security monitoring, intelligence and forensic teams.
- Work with external cyber liaison functions to ensure CSIRT coordination aligns with the wider sector and national and international cyber resilience coordination.
- Manage coordination between the incident response team and the investigative and support functions to ensure all stakeholder priorities are addressed.
- Manage external forensic and advanced incident response support to ensure the delivery of value and alignment with sectoral processes.
- Stay abreast of industry practices and changes and incorporate them into the various functional areas.
- Compile and provide integrated management information reports to support decision-making.
- Lead and participate in engagements with relevant stakeholders/clients and external parties, including the sectoral, national and international liaison, for the purpose of information-sharing and coordinated technical response.
- Compose clear and concise CSIRT close-out reports, detailing causes, investigation outcomes, actions taken, recommendations and lessons learnt.
- Understand the cyber threat landscape and stay abreast of emerging threats and threat actors.
Job requirements
To be considered for this position, candidates must be in possession of:
- a minimum of an Honours degree (NQF 8) in Information Technology or an equivalent qualification;
- valid advanced cybersecurity certifications, such as Certified Information Systems Security Professional or SANS 504™ or equivalent role-focused certifications; and
- at least eight to 10 years in information security, with three to five years’ job-related experience in a core security incident response team role.
Additional requirements include:
- industry, sectoral, organisational and business awareness;
- quality assurance knowledge and skill;
- business continuity knowledge;
- continued improvement, learning and/or professional development knowledge;
- effective communication skills;
- analytical and problem-solving skills;
- judgement and decision-making skills;
- the ability to manage complexity and ambiguity;
- conceptual thinking skills;
- flexibility/adaptability;
- a drive for results;
- the ability to build and manage relationships;
- a learning focus;
- a team focus;
- planning and organisational skills; and
- a service and stakeholder focus.
In line with the SARB’s commitment to diversifying its workforce, preference will be given to suitable candidates from designated groups. People with disabilities are welcome to apply.
The SARB offers remuneration and benefits commensurate with the level of the position and in line with the market. The level at which the successful applicant will be appointed will depend on his/her competence and experience.
About SARB
Primary mandate of the SARB
Section 224 of the Constitution of South Africa states the mandate of the SARB as follows:
The primary object of the South African Reserve Bank is to protect the value of the currency in the interest of balanced and sustainable economic growth in the Republic.
The South African Reserve Bank, in support of its primary objective, must perform its functions independently and without fear, favour or prejudice.
WHAT WE DO
Monetary Policy
The Constitution gives the SARB the mandate to protect the value of the rand. We use interest rates to keep inflation low and steady.
Financial Stability
The SARB has a mandate to protect and enhance financial stability. We identify and mitigate systemic risks that might disrupt the financial system.
Prudential Regulation
The Prudential Authority regulates financial institutions and market infrastructures to promote and enhance their safety and soundness, and support financial stability.
Financial Markets
Open market operations are the main tool we use to implement monetary policy. We manage South Africa’s gold and foreign exchange reserves.
Financial Surveillance
The SARB is responsible for regulating cross-border transactions, preventing the abuse of the financial system and supporting the regulation of financial institutions.
Payments and Settlements
The SARB is responsible for ensuring the safety and soundness of the national payment system, which is the backbone of South Africa’s modern financial system.
Statistics
The SARB provides important economic and financial statistics that present an overview of the economic situation in South Africa.
Research
Research conducted by the SARB focuses on economics, financial stability, banking and emerging trends in finance. Our research supports policy decision-making.
Banknotes and Coin
The SARB has the sole right to make, issue and destroy banknotes and coin in South Africa.
Tags: Banking CSIRT Incident response Monitoring SANS Surveillance
Perks/benefits: Career development Team events